net: don't pass the CRLSet in the SSLConfig.

The SSLConfig was a poor choice of location to carry the CRLSet because the
CRLSet can be updated while Chrome is running, but the SSLConfig is relatively
static and is cached in several places in the code.

This change causes the locations which call X509Certificate::Verify to grab a
new reference to the current CRLSet.

BUG=none
TEST=compiles


Review URL: http://codereview.chromium.org/9044011

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@116720 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 2 deletions

diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc
index ad9165c..bc4a43e 100644
--- a/net/socket/ssl_host_info.cc
+++ b/net/socket/ssl_host_info.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -8,6 +8,7 @@
 #include "base/metrics/histogram.h"
 #include "base/pickle.h"
 #include "base/string_piece.h"
+#include "net/base/crl_set.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
@@ -112,8 +113,9 @@ bool SSLHostInfo::ParseInner(const std::string& data) {
       VLOG(1) << "Kicking off verification for " << hostname_;
       verification_start_time_ = base::TimeTicks::Now();
       verification_end_time_ = base::TimeTicks();
+      scoped_refptr<CRLSet> crl_set(SSLConfigService::GetCRLSet());
       int rv = verifier_.Verify(
-          cert_.get(), hostname_, flags, crl_set_, &cert_verify_result_,
+          cert_.get(), hostname_, flags, crl_set, &cert_verify_result_,
           base::Bind(&SSLHostInfo::VerifyCallback, weak_factory_.GetWeakPtr()),
           // TODO(willchan): Figure out how to use NetLog here.
           BoundNetLog());