Remove DenyCertForHost from SSLHostStateDelegate API.

content/public/browser/ssl_host_state_delegate.h

Index: content/public/browser/ssl_host_state_delegate.h
diff --git a/content/public/browser/ssl_host_state_delegate.h b/content/public/browser/ssl_host_state_delegate.h
index bcacd7fdef1aa08b47496abf9344090809df2dd5..74505dfea542a10eaf0d60524fa63a021a44a18c 100644
--- a/content/public/browser/ssl_host_state_delegate.h
+++ b/content/public/browser/ssl_host_state_delegate.h
@@ -24,24 +24,20 @@ namespace content {
 // default strategy of not remembering decisions at all.
 class SSLHostStateDelegate {
  public:
-  // Records that |cert| is not permitted to be used for |host| in the future,
-  // for a specified |error| type.
-  virtual void DenyCert(const std::string& host,
-                        net::X509Certificate* cert,
-                        net::CertStatus error) = 0;
-
   // Records that |cert| is permitted to be used for |host| in the future, for
   // a specified |error| type.
   virtual void AllowCert(const std::string&,
                          net::X509Certificate* cert,
                          net::CertStatus error) = 0;
 
-  // Clear all allow/deny preferences.
+  // Clear all allow preferences.
   virtual void Clear() = 0;
 
-  // Queries whether |cert| is allowed or denied for |host| and |error|. Returns
-  // true in |expired_previous_decision| if a previous user decision expired
-  // immediately prior to this query, otherwise false.
+  // Queries whether |cert| is allowed for |host| and |error|. Returns true in
+  // |expired_previous_decision| if a previous user decision expired immediately
+  // prior to this query, otherwise false. Since the API does not currently
+  // provide a way to deny certs, QueryPolicy guarantees to return either
+  // ALLOWED or UNKNOWN but never DENIED.
   virtual net::CertPolicy::Judgment QueryPolicy(
       const std::string& host,
       net::X509Certificate* cert,