Remember user decisions on invalid certificates behind a flag

content/public/browser/ssl_host_state_decisions.h

Index: content/public/browser/ssl_host_state_decisions.h
diff --git a/content/public/browser/ssl_host_state_decisions.h b/content/public/browser/ssl_host_state_decisions.h
new file mode 100644
index 0000000000000000000000000000000000000000..a03dc176ed1cb1119313376d0d352d05164b7fd5
--- /dev/null
+++ b/content/public/browser/ssl_host_state_decisions.h
@@ -0,0 +1,40 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_SSL_HOST_STATE_DECISIONS_H_
+#define CONTENT_BROWSER_SSL_HOST_STATE_DECISIONS_H_
+
+#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
+#include "content/common/content_export.h"
+#include "net/cert/x509_certificate.h"
+
+class GURL;
+
+namespace content {
+
+// SSLHostStateDecisions must be implemented by the embedder, to provide the
+// storage strategy (if any) for certificate decisions.
+class CONTENT_EXPORT SSLHostStateDecisions {
+ public:
+  virtual void DenyCert(const GURL& url,
+                        net::X509Certificate* cert,
+                        net::CertStatus error) = 0;
+  virtual void AllowCert(const GURL& url,
+                         net::X509Certificate* cert,
+                         net::CertStatus error) = 0;
+  virtual void Clear() = 0;
+  virtual net::CertPolicy::Judgment QueryPolicy(const GURL& url,
+                                                net::X509Certificate* cert,
+                                                net::CertStatus error) = 0;
+  virtual void RevokeAllowAndDenyPreferences(const GURL& url) = 0;
+  virtual bool HasAllowedOrDeniedCert(const GURL& url) = 0;
+
+ protected:
+  virtual ~SSLHostStateDecisions() {}
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_SSL_HOST_STATE_DECISIONS_H_