Implement SSL certificate error handling on the Mac. If the user gives

us bad certs to allow, we tell SecureTransport to not verify the server
cert, and only allow the cert to be one of the bad certs the user allows.

In the future we should figure out how to verify the server cert ourselves.

R=avi,eroman
BUG=http://crbug.com/11983
TEST=Visit https://www.ssl247.com/ and https://alioth.debian.org/.  Clicking
the "Proceed anyway" button should bring you to the site with a red
"https" in the location bar. 
Review URL: http://codereview.chromium.org/165191

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23321 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 3 deletions

diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index fba04ea..474f630 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -873,10 +873,10 @@ int SSLClientSocketWin::DoVerifyCertComplete(int result) {
   // result of verifier_.Verify.
   // Eventually, we should cache the cert verification results so that we don't
   // need to call verifier_.Verify repeatedly. But for now we need to do this.
-  // Alternatively, we might be able to store the cert's status along with
-  // the cert in the allowed_bad_certs_ set.
+  // Alternatively, we could use the cert's status that we stored along with
+  // the cert in the allowed_bad_certs vector.
   if (IsCertificateError(result) &&
-      ssl_config_.allowed_bad_certs_.count(server_cert_))
+      ssl_config_.IsAllowedBadCert(server_cert_))
     result = OK;
 
   LogConnectionTypeMetrics();