QUIC - Race Cert Verification with host resolution if certs are

net/quic/crypto/proof_verifier.h

Index: net/quic/crypto/proof_verifier.h
diff --git a/net/quic/crypto/proof_verifier.h b/net/quic/crypto/proof_verifier.h
index fc520aab9b27bb3821b0b9e959fae401e639c6f0..ddc6288fe5530e2b9cb01a63129ab3817bd6e9a9 100644
--- a/net/quic/crypto/proof_verifier.h
+++ b/net/quic/crypto/proof_verifier.h
@@ -87,6 +87,27 @@ class NET_EXPORT_PRIVATE ProofVerifier {
       std::string* error_details,
       std::unique_ptr<ProofVerifyDetails>* details,
       ProofVerifierCallback* callback) = 0;
+
+  // VerifyCert checks that |certs| is a valid chain for |hostname|. On success,
+  // it returns QUIC_SUCCESS. On failure, it returns QUIC_FAILURE and sets
+  // |*error_details| to a description of the problem. In either case it may set
+  // |*details|, which the caller takes ownership of.
+  //
+  // |context| specifies an implementation specific struct (which may be nullptr
+  // for some implementations) that provides useful information for the
+  // verifier, e.g. logging handles.
+  //
+  // This function may also return QUIC_PENDING, in which case the ProofVerifier
+  // will call back, on the original thread, via |callback| when complete.
+  // In this case, the ProofVerifier will take ownership of |callback|.
+  virtual QuicAsyncStatus VerifyCertChain(
+      const std::string& hostname,
+      const uint16_t port,

[Ryan Hamilton, 2016/07/07 21:36:12]

nit: I wonder if |port| is actually needed?

[ramant (doing other things), 2016/07/07 22:18:27]

+1. Because we are not enforcing policy checking when we just verify certs, we
don't need port. Deleted it.

Done.

+      const std::vector<std::string>& certs,
+      const ProofVerifyContext* context,
+      std::string* error_details,
+      std::unique_ptr<ProofVerifyDetails>* details,
+      ProofVerifierCallback* callback) = 0;
 };
 
 }  // namespace net