Add a do-nothing CTVerifier to //net

Add a do-nothing CTVerifier to //net

Provide a concrete implementation of a CTVerifier that allows consumers
to opt-out of verifying CT information. While this is not generally
desirable for consumers of "the Web PKI" (e.g.: websites), it's
acceptable and potentially desirable for things like peer-to-peer
[D]TLS sockets (like WebRTC or Remoting), or for cases where the
overall application is not ready to support Certificate Transparency
(for example: may lack any form of update path).

BUG=none
R=eroman@chromium.org

Committed: https://crrev.com/611d8235a1fc74a1d0a0602fe8253771c23608fe
Cr-Commit-Position: refs/heads/master@{#437449}

[Ryan Sleevi, 2016-12-02 01:23:12]

I was hoping you could look at this, since you're the one most likely to
critique the comment and documentation. I tried to capture the outline of the
issue, but would happily receive feedback from you (or Eran and David, CC'd) on
any possible suggestions or improvements.

If it wasn't for the lifetime complexities, 'pass-by-reference' would have been
the desired API contract, but since we have a pointer, and since nullptr is
ambiguous between intentional-and-laziness, added a concrete class to indicate
"I know what I'm doing, take off the safety rails"

[eroman, 2016-12-02 01:46:23]

lgtm

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
File net/cert/do_nothing_ct_verifier.h (right):

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
net/cert/do_nothing_ct_verifier.h:19: // decision rather than a potential
accidental decision (such as allowing
potential accidental --> potentially accidental?

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
net/cert/do_nothing_ct_verifier.h:29: // relevant. Alternatively, as a 'healthy'
client for Certificate Transparency
not convinced that quotes should be included around 'healthy' here (or below).

I suggest either removing the quote, or picking a word you don't feel
necessitates quotes. Perhaps 'robust' or 'secure'?

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
net/cert/do_nothing_ct_verifier.h:40: // Because of these complex nuances, it's
not unexpected that consumers of
style-nit: the double negative here could be simplified.

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
net/cert/do_nothing_ct_verifier.h:41: // CTVerifiers will want to require a
CTVerifier be supplied, so that the
If you really want to raise eyebrows in codereviews, consider a name like
InsecureCTVerify, or DeliberatelyInsecureCTVerifier

https://codereview.chromium.org/2540293004/diff/1/net/cert/do_nothing_ct_veri...
net/cert/do_nothing_ct_verifier.h:56: };
DISALLOW_COPY_AND_ASSIGN ?

[Ryan Sleevi, 2016-12-09 02:00:11]

The CQ bit was checked by rsleevi@chromium.org

[Ryan Sleevi, 2016-12-09 02:00:11]

The patchset sent to the CQ was uploaded after l-g-t-m from eroman@chromium.org
Link to the patchset: https://codereview.chromium.org/2540293004/#ps60001
(title: "Grammar bad")

[commit-bot: I haz the power, 2016-12-09 02:00:46]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-12-09 03:29:07]

CQ is committing da patch.

Bot data: {"patchset_id": 60001, "attempt_start_ts": 1481248811458340,
"parent_rev": "1d933efa51f039b92d8d64e4779350aee6c6f314", "commit_rev":
"00660e01546384fdf2c1fb5271f70214f85a4bce"}

[commit-bot: I haz the power, 2016-12-09 03:29:38]

Committed patchset #4 (id:60001)

[commit-bot: I haz the power, 2016-12-09 03:32:11]

Description was changed from

==========
Add a do-nothing CTVerifier to //net

Provide a concrete implementation of a CTVerifier that allows consumers
to opt-out of verifying CT information. While this is not generally
desirable for consumers of "the Web PKI" (e.g.: websites), it's
acceptable and potentially desirable for things like peer-to-peer
[D]TLS sockets (like WebRTC or Remoting), or for cases where the
overall application is not ready to support Certificate Transparency
(for example: may lack any form of update path).

BUG=none
R=eroman@chromium.org
==========

to

==========
Add a do-nothing CTVerifier to //net

Provide a concrete implementation of a CTVerifier that allows consumers
to opt-out of verifying CT information. While this is not generally
desirable for consumers of "the Web PKI" (e.g.: websites), it's
acceptable and potentially desirable for things like peer-to-peer
[D]TLS sockets (like WebRTC or Remoting), or for cases where the
overall application is not ready to support Certificate Transparency
(for example: may lack any form of update path).

BUG=none
R=eroman@chromium.org

Committed: https://crrev.com/611d8235a1fc74a1d0a0602fe8253771c23608fe
Cr-Commit-Position: refs/heads/master@{#437449}
==========

[commit-bot: I haz the power, 2016-12-09 03:32:12]

Patchset 4 (id:??) landed as
https://crrev.com/611d8235a1fc74a1d0a0602fe8253771c23608fe
Cr-Commit-Position: refs/heads/master@{#437449}