Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform.

net/cert/ocsp_verify_result.h

Index: net/cert/ocsp_verify_result.h
diff --git a/net/cert/ocsp_verify_result.h b/net/cert/ocsp_verify_result.h
new file mode 100644
index 0000000000000000000000000000000000000000..da67e33af479133b788fcec0829e4539fdaafb5a
--- /dev/null
+++ b/net/cert/ocsp_verify_result.h
@@ -0,0 +1,58 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_OCSP_VERIFY_RESULT_H
+#define NET_CERT_OCSP_VERIFY_RESULT_H
+
+#include <string>
+
+#include "base/optional.h"
+#include "net/base/net_export.h"
+#include "net/cert/internal/parse_ocsp.h"
+
+namespace net {
+
+class NET_EXPORT OCSPVerifyResult {
+ public:
+  OCSPVerifyResult();
+  OCSPVerifyResult(const OCSPVerifyResult&);
+  ~OCSPVerifyResult();
+
+  void Reset();
+
+  enum ResponseStatus {
+    // No OCSPResponse was stapled.
+    MISSING,
+
+    // An up-to-date OCSP response was stapled and matched the certificate.
+    PROVIDED,
+
+    // The stapled OCSP response did not have a SUCCESFUL status.
+    BAD_RESPONSE,
+
+    // At least one OCSPSingleResponse was stapled, but none matched the
+    // certificate.
+    NO_MATCHING_RESPONSE,
+
+    // A matching OCSPSingleResponse was stapled, but was either expired or not
+    // yet valid.
+    INVALID_DATE,
+
+    // The OCSPResponse structure could not be parsed.
+    PARSE_RESPONSE,
+
+    // The OCSPResponseData structure could not be parsed.
+    PARSE_RESPONSE_DATA,
+  };
+
+  ResponseStatus response_status;
+
+  // The strictest CertStatus matching the certificate. Only present if
+  // |response_status| = PROVIDED.

[svaldez, 2016/06/29 14:41:22]

*is

Maybe explicitly call out what "strictest" CertStatus means.

[dadrian, 2016/06/30 21:52:43]

Done.

+  base::Optional<OCSPCertStatus::Status> cert_status;
+};
+
+}  // namespace net
+
+#endif  // NET_CERT_OCSP_VERIFY_RESULT_H