Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform.

net/cert/ocsp_verify_result.h

Index: net/cert/ocsp_verify_result.h
diff --git a/net/cert/ocsp_verify_result.h b/net/cert/ocsp_verify_result.h
new file mode 100644
index 0000000000000000000000000000000000000000..bdbe514e43fc53534ad2af98d2acde60def12c8b
--- /dev/null
+++ b/net/cert/ocsp_verify_result.h
@@ -0,0 +1,62 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_OCSP_VERIFY_RESULT_H
+#define NET_CERT_OCSP_VERIFY_RESULT_H
+
+#include <string>
+
+#include "base/optional.h"
+#include "net/base/net_export.h"
+#include "net/cert/ocsp_revocation_status.h"
+
+namespace net {
+
+struct NET_EXPORT OCSPVerifyResult {
+  OCSPVerifyResult();
+  OCSPVerifyResult(const OCSPVerifyResult&);
+  ~OCSPVerifyResult();
+
+  void Reset();
+
+  enum ResponseStatus {
+    // No OCSPResponse was stapled.
+    MISSING,
+
+    // An up-to-date OCSP response was stapled and matched the certificate.
+    PROVIDED,
+
+    // The stapled OCSP response did not have a SUCCESFUL status.
+    BAD_RESPONSE,
+
+    // The OCSPResponseData field producedAt was outside the certificate
+    // validity period.
+    BAD_PRODUCED_AT,
+
+    // At least one OCSPSingleResponse was stapled, but none matched the
+    // certificate.
+    NO_MATCHING_RESPONSE,
+
+    // A matching OCSPSingleResponse was stapled, but was either expired or not
+    // yet valid.
+    INVALID_DATE,
+
+    // The OCSPResponse structure could not be parsed.
+    PARSE_RESPONSE,
+
+    // The OCSPResponseData structure could not be parsed.
+    PARSE_RESPONSE_DATA,
+
+  };
+
+  ResponseStatus response_status;
+
+  // The strictest CertStatus matching the certificate (REVOKED > UNKNOWN >
+  // GOOD). Only present if |response_status| = PROVIDED.
+  base::Optional<OCSPRevocationStatus> cert_status;
+};
+
+}  // namespace net
+
+#endif  // NET_CERT_OCSP_VERIFY_RESULT_H