net: enable CRL sets behind a command line flag.

This change introduces a command line flag for enabling CRL sets while the
serving side is still in development.

It contains code for NSS (revocation checking will proceed as normal on other
platforms).

BUG=none
TEST=none


Review URL: http://codereview.chromium.org/8342054

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107131 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 94a6f4a..b4677d2 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -44,6 +44,7 @@ class RSAPrivateKey;
 
 namespace net {
 
+class CRLSet;
 class CertVerifyResult;
 
 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
@@ -320,8 +321,12 @@ class NET_EXPORT X509Certificate
   // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
   // checking is performed.  If VERIFY_EV_CERT is set in |flags| too,
   // EV certificate verification is performed.
+  //
+  // |crl_set| points to an optional CRLSet structure which can be used to
+  // avoid revocation checks over the network.
   int Verify(const std::string& hostname,
              int flags,
+             CRLSet* crl_set,
              CertVerifyResult* verify_result) const;
 
   // Verifies that |hostname| matches this certificate.
@@ -416,6 +421,7 @@ class NET_EXPORT X509Certificate
   // Parameters and return value are as per Verify().
   int VerifyInternal(const std::string& hostname,
                      int flags,
+                     CRLSet* crl_set,
                      CertVerifyResult* verify_result) const;
 
   // The serial number, DER encoded.