Move certificate verification off the IO thread.

Move the MapNetErrorToCertStatus and MapCertStatusToNetError
functions to cert_status_flags.h so they can be shared with
Mac and Linux code.

Move the certificate verification function to the
X509Certificate class.  Right now X509Certificate::Verify is
only implemented on Windows.

R=eroman
BUG=3592
Review URL: http://codereview.chromium.org/14915

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 4 deletions

diff --git a/net/base/cert_verifier.h b/net/base/cert_verifier.h
index 06f7cef..051bc25 100644
--- a/net/base/cert_verifier.h
+++ b/net/base/cert_verifier.h
@@ -13,6 +13,7 @@
 
 namespace net {
 
+class CertVerifyResult;
 class X509Certificate;
 
 // This class represents the task of verifying a certificate.  It can only
@@ -35,9 +36,10 @@ class CertVerifier {
   // Verifies the given certificate against the given hostname.  Returns OK if
   // successful or an error code upon failure.
   //
-  // The |cert_status| bitmask is always filled out regardless of the return
-  // value.  If the certificate has multiple errors, the corresponding status
-  // flags are set in |cert_status|, and the error code for the most serious
+  // The |*verify_result| structure, including the |verify_result->cert_status|
+  // bitmask, is always filled out regardless of the return value.  If the
+  // certificate has multiple errors, the corresponding status flags are set in
+  // |verify_result->cert_status|, and the error code for the most serious
   // error is returned.
   //
   // If |rev_checking_enabled| is true, certificate revocation checking is
@@ -50,7 +52,7 @@ class CertVerifier {
   // be passed to the callback when available.
   //
   int Verify(X509Certificate* cert, const std::string& hostname,
-             bool rev_checking_enabled, int* cert_status,
+             bool rev_checking_enabled, CertVerifyResult* verify_result,
              CompletionCallback* callback);
 
  private: