Cache certificate verification results in memory.

net/socket/ssl_client_socket_mac.h

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
 #pragma once
 
 #include <Security/Security.h>
 
 #include <string>
 #include <vector>
 
 #include "base/scoped_ptr.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/completion_callback.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_config_service.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
 
 class CertVerifier;
 class ClientSocketHandle;
+class SingleRequestCertVerifier;
 
 // An SSL client socket implemented with Secure Transport.
 class SSLClientSocketMac : public SSLClientSocket {
  public:
   // Takes ownership of the |transport_socket|, which must already be connected.
   // The hostname specified in |host_and_port| will be compared with the name(s)
   // in the server's certificate during the SSL handshake.  If SSL client
   // authentication is requested, the host_and_port field of SSLCertRequestInfo
   // will be populated with |host_and_port|.  |ssl_config| specifies
   // the SSL settings.
   SSLClientSocketMac(ClientSocketHandle* transport_socket,
                      const HostPortPair& host_and_port,
-                     const SSLConfig& ssl_config);
+                     const SSLConfig& ssl_config,
+                     CertVerifier* cert_verifier);
   ~SSLClientSocketMac();
 
   // SSLClientSocket methods:
   virtual void GetSSLInfo(SSLInfo* ssl_info);
   virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
   virtual NextProtoStatus GetNextProto(std::string* proto);
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
   virtual void Disconnect();
@@ skipping 81 matching lines @@
     // STATE_VERIFY_CERT_COMPLETE, and then continues to
     // STATE_COMPLETED_RENEGOTIATION. After STATE_COMPLETED_RENEGOTIATION
     // has been processed, it goes back to STATE_COMPLETED_HANDSHAKE and
     // will remain there until the server requests renegotiation again.
     // During the initial handshake, STATE_COMPLETED_RENEGOTIATION is
     // skipped.
   };
   State next_handshake_state_;
 
   scoped_refptr<X509Certificate> server_cert_;
-  scoped_ptr<CertVerifier> verifier_;
+  CertVerifier* const cert_verifier_;
+  scoped_ptr<SingleRequestCertVerifier> verifier_;
   CertVerifyResult server_cert_verify_result_;
 
   // The initial handshake has already completed, and the current handshake
   // is server-initiated renegotiation.
   bool renegotiating_;
   bool client_cert_requested_;
   SSLContextRef ssl_context_;
 
   // These buffers hold data retrieved from/sent to the underlying transport
   // before it's fed to the SSL engine.
   std::vector<char> send_buffer_;
   int pending_send_error_;
   std::vector<char> recv_buffer_;
 
   // These are the IOBuffers used for operations on the underlying transport.
   scoped_refptr<IOBuffer> read_io_buf_;
   scoped_refptr<IOBuffer> write_io_buf_;
 
   BoundNetLog net_log_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_