Route OCSP stapling through CertVerifier.

net/cert/cert_verify_proc.h

Index: net/cert/cert_verify_proc.h
diff --git a/net/cert/cert_verify_proc.h b/net/cert/cert_verify_proc.h
index f60ed6d9232631f1ae2e0fcefb27a373bfe20d08..05c600bf521c1767e32fcbae108e465a52ddb6fc 100644
--- a/net/cert/cert_verify_proc.h
+++ b/net/cert/cert_verify_proc.h
@@ -38,6 +38,8 @@ class NET_EXPORT CertVerifyProc
   // |verify_result->cert_status|, and the error code for the most serious
   // error is returned.
   //
+  // |ocsp_response|, if non-empty, is a stapled OCSP response to use.
+  //
   // |flags| is bitwise OR'd of VerifyFlags:
   //
   // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, online certificate
@@ -56,6 +58,7 @@ class NET_EXPORT CertVerifyProc
   // implementation.
   int Verify(X509Certificate* cert,
              const std::string& hostname,
+             const std::string& ocsp_response,
              int flags,
              CRLSet* crl_set,
              const CertificateList& additional_trust_anchors,
@@ -66,6 +69,11 @@ class NET_EXPORT CertVerifyProc
   // passed to Verify() is ignored when this returns false.
   virtual bool SupportsAdditionalTrustAnchors() const = 0;
 
+  // Returns true if the implementation supports passing a stapled OCSP response
+  // to the Verify() call. The |ocsp_response| parameter passed to Verify() is
+  // ignored when this returns false.
+  virtual bool SupportsOCSPStapling() const = 0;
+
  protected:
   CertVerifyProc();
   virtual ~CertVerifyProc();
@@ -79,6 +87,7 @@ class NET_EXPORT CertVerifyProc
   // cryptographic library.
   virtual int VerifyInternal(X509Certificate* cert,
                              const std::string& hostname,
+                             const std::string& ocsp_response,
                              int flags,
                              CRLSet* crl_set,
                              const CertificateList& additional_trust_anchors,