Certificate Transparency: Threading the CT verifier into the SSL client socket.

net/cert/cert_status_flags.h

Index: net/cert/cert_status_flags.h
diff --git a/net/cert/cert_status_flags.h b/net/cert/cert_status_flags.h
index 630df650fe3f759e1230a30de495f3c977e20804..31e69654bc3e56e01ebe77af862859e491f9043c 100644
--- a/net/cert/cert_status_flags.h
+++ b/net/cert/cert_status_flags.h
@@ -35,11 +35,21 @@ static const CertStatus CERT_STATUS_WEAK_KEY                   = 1 << 11;
 static const CertStatus CERT_STATUS_WEAK_DH_KEY                = 1 << 12;
 static const CertStatus CERT_STATUS_PINNED_KEY_MISSING         = 1 << 13;
 
-// Bits 16 to 31 are for non-error statuses.
+// Bits 16 to 29 are for non-error statuses.
 static const CertStatus CERT_STATUS_IS_EV                      = 1 << 16;
 static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED       = 1 << 17;
 // bit 18 was CERT_STATUS_IS_DNSSEC.
 
+// Bits 30, 31 are for Certificate Transparency.
+static const int CERTIFICATE_TRANSPARENCY_STATUS_SHIFT = 30;
+static const int CERTIFICATE_TRANSPARENCY_STATUS_MASK = 3;
+enum {
+  CERT_TRANSPARENCY_NO_SCTS = 0,
+  CERT_TRANSPARENCY_SCT_FROM_UNKNOWN_LOGS = 1,
+  CERT_TRANSPARENCY_SCT_FAILED_VALIDATION = 2,
+  CERT_TRANSPARENCY_SCT_VALIDATED_OK = 3,
+};
+
 // Returns true if the specified cert status has an error set.
 static inline bool IsCertStatusError(CertStatus status) {
   return (CERT_STATUS_ALL_ERRORS & status) != 0;
@@ -58,6 +68,11 @@ NET_EXPORT CertStatus MapNetErrorToCertStatus(int error);
 // to the equivalent network error code.
 NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status);
 
+inline int CertificateTransparencyStateFromCertStatus(CertStatus cert_status) {
+  return (cert_status >> CERTIFICATE_TRANSPARENCY_STATUS_SHIFT) &
+         CERTIFICATE_TRANSPARENCY_STATUS_MASK;
+}
+
 }  // namespace net
 
 #endif  // NET_CERT_CERT_STATUS_FLAGS_H_