Remove DenyCertForHost from SSLHostStateDelegate API.

content/browser/ssl/ssl_policy.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/ssl/ssl_policy.h"
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/memory/singleton.h"
@@ skipping 17 matching lines @@
 
 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend)
     : backend_(backend) {
   DCHECK(backend_);
 }
 
 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
   bool expired_previous_decision;
   // First we check if we know the policy for this error.
   DCHECK(handler->ssl_info().is_valid());
-  net::CertPolicy::Judgment judgment =
+  SSLHostStateDelegate::CertJudgment judgment =
       backend_->QueryPolicy(*handler->ssl_info().cert.get(),
                             handler->request_url().host(),
                             handler->cert_error(),
                             &expired_previous_decision);
 
-  if (judgment == net::CertPolicy::ALLOWED) {
+  if (judgment == SSLHostStateDelegate::ALLOWED) {
     handler->ContinueRequest();
     return;
   }
 
-  // The judgment is either DENIED or UNKNOWN.
-  // For now we handle the DENIED as the UNKNOWN, which means a blocking
-  // page is shown to the user every time he comes back to the page.
-
+  // For all other hosts, which must be DENIED, a blocking page is shown to the
+  // user every time they come back to the page.
   int options_mask = 0;
   switch (handler->cert_error()) {
     case net::ERR_CERT_COMMON_NAME_INVALID:
     case net::ERR_CERT_DATE_INVALID:
     case net::ERR_CERT_AUTHORITY_INVALID:
     case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
     case net::ERR_CERT_WEAK_KEY:
     case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
       if (!handler->fatal())
         options_mask |= OVERRIDABLE;
@@ skipping 112 matching lines @@
     //
     // While AllowCertForHost() executes synchronously on this thread,
     // ContinueRequest() gets posted to a different thread. Calling
     // AllowCertForHost() first ensures deterministic ordering.
     backend_->AllowCertForHost(*handler->ssl_info().cert.get(),
                                handler->request_url().host(),
                                handler->cert_error());
     handler->ContinueRequest();
   } else {
     // Default behavior for rejecting a certificate.
-    //
-    // While DenyCertForHost() executes synchronously on this thread,
-    // CancelRequest() gets posted to a different thread. Calling
-    // DenyCertForHost() first ensures deterministic ordering.
-    backend_->DenyCertForHost(*handler->ssl_info().cert.get(),
-                              handler->request_url().host(),
-                              handler->cert_error());
     handler->CancelRequest();
   }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 // Certificate Error Routines
 
 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
                                     int options_mask) {
   bool overridable = (options_mask & OVERRIDABLE) != 0;
@@ skipping 38 matching lines @@
       SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED;
 }
 
 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
   GURL parsed_origin(origin);
   if (parsed_origin.SchemeIsSecure())
     backend_->HostRanInsecureContent(parsed_origin.host(), pid);
 }
 
 }  // namespace content