Remove DenyCertForHost from SSLHostStateDelegate API.

content/browser/ssl/ssl_policy.cc

Index: content/browser/ssl/ssl_policy.cc
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index 18fdde4dfe2bf9823e716ae01e48db73f1641fb8..f2bdd2145cf2bc912468ff5d6d1554a36474aed4 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -45,10 +45,9 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
     return;
   }
 
-  // The judgment is either DENIED or UNKNOWN.
-  // For now we handle the DENIED as the UNKNOWN, which means a blocking
-  // page is shown to the user every time he comes back to the page.
-
+  // The judgment must be UNKNOWN because QueryPolicy guarantees that it will
+  // never return DENIED. For these hosts, a blocking page is shown to the user
+  // every time he comes back to the page.
   int options_mask = 0;
   switch (handler->cert_error()) {
     case net::ERR_CERT_COMMON_NAME_INVALID:
@@ -180,13 +179,6 @@ void SSLPolicy::OnAllowCertificate(scoped_refptr<SSLCertErrorHandler> handler,
     handler->ContinueRequest();
   } else {
     // Default behavior for rejecting a certificate.
-    //
-    // While DenyCertForHost() executes synchronously on this thread,
-    // CancelRequest() gets posted to a different thread. Calling
-    // DenyCertForHost() first ensures deterministic ordering.
-    backend_->DenyCertForHost(handler->ssl_info().cert.get(),
-                              handler->request_url().host(),
-                              handler->cert_error());
     handler->CancelRequest();
   }
 }