Certificate Transparency: Change CTVerifyResult to have a single list

net/cert/ct_verify_result.h

Index: net/cert/ct_verify_result.h
diff --git a/net/cert/ct_verify_result.h b/net/cert/ct_verify_result.h
index ca163580d739be120956dad667d286db801e51d5..33a25dd3f30c26baa124323516f24345153f22d3 100644
--- a/net/cert/ct_verify_result.h
+++ b/net/cert/ct_verify_result.h
@@ -7,8 +7,9 @@
 
 #include <vector>
 
+#include "net/base/net_export.h"
 #include "net/cert/ct_policy_enforcer.h"
-#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/signed_certificate_timestamp_and_status.h"
 
 namespace net {
 
@@ -27,12 +28,8 @@ struct NET_EXPORT CTVerifyResult {
   CTVerifyResult(const CTVerifyResult& other);
   ~CTVerifyResult();
 
-  // SCTs from known logs where the signature verified correctly.
-  SCTList verified_scts;
-  // SCTs from known logs where the signature failed to verify.
-  SCTList invalid_scts;
-  // SCTs from unknown logs and as such are unverifiable.
-  SCTList unknown_logs_scts;
+  // All SCTs and their statuses
+  SignedCertificateTimestampAndStatusList scts;
 
   // True if any CT policies were applied on this connection.
   bool ct_policies_applied;
@@ -44,6 +41,12 @@ struct NET_EXPORT CTVerifyResult {
   EVPolicyCompliance ev_policy_compliance;
 };
 
+// Returns a list of SCTs from |sct_and_status_list| whose status matches
+// |match_status|.
+SCTList NET_EXPORT SCTsMatchingStatus(
+    const SignedCertificateTimestampAndStatusList& sct_and_status_list,
+    SCTVerifyStatus match_status);
+
 }  // namespace ct
 
 }  // namespace net