Change the bad-certificate handler for SSL (using NSS) to return an...

net/base/ssl_client_socket_nss.h

Index: net/base/ssl_client_socket_nss.h
===================================================================
--- net/base/ssl_client_socket_nss.h	(revision 12708)
+++ net/base/ssl_client_socket_nss.h	(working copy)
@@ -17,6 +17,8 @@
 
 namespace net {
 
+class X509Certificate;
+
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
  public:
@@ -34,7 +36,6 @@
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
-  virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
   virtual void Disconnect();
   virtual bool IsConnected() const;
   virtual bool IsConnectedAndIdle() const;
@@ -44,6 +45,8 @@
   virtual int Write(const char* buf, int buf_len, CompletionCallback* callback);
 
  private:
+  void InvalidateSessionIfBadCertificate();
+  X509Certificate* UpdateServerCert();
   void DoCallback(int result);
   void OnIOComplete(int result);
 
@@ -59,7 +62,12 @@
   void BufferSendComplete(int result);
   void BufferRecvComplete(int result);
 
-  // nss calls this on error.  We pass 'this' as the first argument.
+  // NSS calls this when checking certificates. We pass 'this' as the first
+  // argument.
+  static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
+                                      PRBool checksig, PRBool is_server);
+
+  // NSS calls this on error.  We pass 'this' as the first argument.
   static SECStatus OwnBadCertHandler(void* arg, PRFileDesc* socket);
 
   CompletionCallbackImpl<SSLClientSocketNSS> buffer_send_callback_;
@@ -81,6 +89,9 @@
   // Set when handshake finishes.  Value is net error code, see net_errors.h
   int server_cert_error_;
 
+  // Set during handshake.
+  scoped_refptr<X509Certificate> server_cert_;
+
   bool completed_handshake_;
 
   enum State {