Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types.

net/cert/x509_certificate.cc

Index: net/cert/x509_certificate.cc
diff --git a/net/cert/x509_certificate.cc b/net/cert/x509_certificate.cc
index 3121e1b5a1022ee6917352423ba92afa0c308aa1..cf5d2f6222e0fc59cc493ee338cd6d113db89b8e 100644
--- a/net/cert/x509_certificate.cc
+++ b/net/cert/x509_certificate.cc
@@ -48,7 +48,7 @@ const char kCertificateHeader[] = "CERTIFICATE";
 // The PEM block header used for PKCS#7 data
 const char kPKCS7Header[] = "PKCS7";
 
-#if !defined(USE_NSS_CERTS)
+#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS)
 // A thread-safe cache for OS certificate handles.
 //
 // Within each of the supported underlying crypto libraries, a certificate
@@ -189,19 +189,20 @@ void X509CertificateCache::Remove(X509Certificate::OSCertHandle cert_handle) {
     cache_.erase(pos);
   }
 }
-#endif  // !defined(USE_NSS_CERTS)
+#endif  // !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS)
 
 // See X509CertificateCache::InsertOrUpdate. NSS has a built-in cache, so there
-// is no point in wrapping another cache around it.
+// is no point in wrapping another cache around it. With USE_BYTE_CERTS, the
+// CYRPTO_BUFFERs are deduped by a CRYPTO_BUFFER_POOL.
 void InsertOrUpdateCache(X509Certificate::OSCertHandle* cert_handle) {
-#if !defined(USE_NSS_CERTS)
+#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS)
   g_x509_certificate_cache.Pointer()->InsertOrUpdate(cert_handle);
 #endif
 }
 
 // See X509CertificateCache::Remove.
 void RemoveFromCache(X509Certificate::OSCertHandle cert_handle) {
-#if !defined(USE_NSS_CERTS)
+#if !defined(USE_NSS_CERTS) && !BUILDFLAG(USE_BYTE_CERTS)
   g_x509_certificate_cache.Pointer()->Remove(cert_handle);
 #endif
 }