Index: net/socket/ssl_client_socket_nss.h |
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h |
index b41d28d74a8472ddbfb3635e72f1b5f47fc971e5..1cea8b2a3921f47b3ad389042ab05d268e9c7b0c 100644 |
--- a/net/socket/ssl_client_socket_nss.h |
+++ b/net/socket/ssl_client_socket_nss.h |
@@ -24,6 +24,7 @@ |
#include "net/base/net_log.h" |
#include "net/base/nss_memio.h" |
#include "net/cert/cert_verify_result.h" |
+#include "net/cert/ct_verify_result.h" |
#include "net/cert/x509_certificate.h" |
#include "net/socket/ssl_client_socket.h" |
#include "net/ssl/server_bound_cert_service.h" |
@@ -37,6 +38,7 @@ namespace net { |
class BoundNetLog; |
class CertVerifier; |
+class CTVerifier; |
class ClientSocketHandle; |
class ServerBoundCertService; |
class SingleRequestCertVerifier; |
@@ -135,6 +137,8 @@ class SSLClientSocketNSS : public SSLClientSocket { |
int DoVerifyCert(int result); |
int DoVerifyCertComplete(int result); |
+ void VerifyCT(); |
+ |
void LogConnectionTypeMetrics() const; |
// The following methods are for debugging bug 65948. Will remove this code |
@@ -158,6 +162,10 @@ class SSLClientSocketNSS : public SSLClientSocket { |
CertVerifier* const cert_verifier_; |
scoped_ptr<SingleRequestCertVerifier> verifier_; |
+ // Certificate Transparency: Verifier and result holder. |
+ ct::CTVerifyResult ct_verify_result_; |
+ CTVerifier* cert_transparency_verifier_; |
+ |
// The service for retrieving Channel ID keys. May be NULL. |
ServerBoundCertService* server_bound_cert_service_; |