Certificate Transparency: Require SCTs for EV certificates.

net/socket/ssl_client_socket_nss.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 
 #include <certt.h>
 #include <keyt.h>
 #include <nspr.h>
@@ skipping 19 matching lines @@
 #include "net/ssl/channel_id_service.h"
 #include "net/ssl/ssl_config_service.h"
 
 namespace base {
 class SequencedTaskRunner;
 }
 
 namespace net {
 
 class BoundNetLog;
+class CertPolicyEnforcer;
 class CertVerifier;
 class ChannelIDService;
 class CTVerifier;
 class ClientSocketHandle;
 class SingleRequestCertVerifier;
 class TransportSecurityState;
 class X509Certificate;
 
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
@@ skipping 147 matching lines @@
   // TODO(rsleevi): http://crbug.com/130616 - Remove this member once
   // ExportKeyingMaterial is updated to be asynchronous.
   PRFileDesc* nss_fd_;
 
   BoundNetLog net_log_;
 
   base::TimeTicks start_cert_verification_time_;
 
   TransportSecurityState* transport_security_state_;
 
+  scoped_ptr<CertPolicyEnforcer> policy_enforcer_;
+
   // pinning_failure_log contains a message produced by
   // TransportSecurityState::CheckPublicKeyPins in the event of a
   // pinning failure. It is a (somewhat) human-readable string.
   std::string pinning_failure_log_;
 
   // The following two variables are added for debugging bug 65948. Will
   // remove this code after fixing bug 65948.
   // Added the following code Debugging in release mode.
   mutable base::Lock lock_;
   // This is mutable so that CalledOnValidThread can set it.
   // It's guarded by |lock_|.
   mutable base::PlatformThreadId valid_thread_id_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_