authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-27 16:48:46 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-27 16:48:46 +0000
commitefe22215cad3c4541a443339d948c226d54e44c5 (patch)
tree2e8f8489f6b89a594bdb891120324c730178a087 /net/socket
parentf18531246f728226c9b2a62f425dfb8db38af243 (diff)
Remove SSLHostInfo.
BUG=105208 TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144468 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/client_socket_factory.cc14
-rw-r--r--net/socket/client_socket_factory.h3
-rw-r--r--net/socket/client_socket_pool_base_unittest.cc3
-rw-r--r--net/socket/client_socket_pool_manager_impl.cc5
-rw-r--r--net/socket/client_socket_pool_manager_impl.h3
-rw-r--r--net/socket/socket_test_util.cc9
-rw-r--r--net/socket/socket_test_util.h4
-rw-r--r--net/socket/ssl_client_socket.h8
-rw-r--r--net/socket/ssl_client_socket_nss.cc171
-rw-r--r--net/socket/ssl_client_socket_nss.h15
-rw-r--r--net/socket/ssl_client_socket_pool.cc18
-rw-r--r--net/socket/ssl_client_socket_pool.h3
-rw-r--r--net/socket/ssl_client_socket_pool_unittest.cc1
-rw-r--r--net/socket/ssl_client_socket_unittest.cc3
-rw-r--r--net/socket/ssl_host_info.cc206
-rw-r--r--net/socket/ssl_host_info.h144
-rw-r--r--net/socket/ssl_server_socket_unittest.cc2
-rw-r--r--net/socket/transport_client_socket_pool_unittest.cc3
18 files changed, 34 insertions, 581 deletions
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 77fb481..f507f4e 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -21,7 +21,6 @@
#include "net/socket/ssl_client_socket_mac.h"
#include "net/socket/ssl_client_socket_nss.h"
#endif
-#include "net/socket/ssl_host_info.h"
#include "net/socket/tcp_client_socket.h"
#include "net/udp/udp_client_socket.h"
@@ -92,10 +91,7 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
- scoped_ptr<SSLHostInfo> shi(ssl_host_info);
-
// nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is
// false or if the dedicated NSS thread failed to start. If so, cause NSS
// functions to execute on the current task runner.
@@ -115,15 +111,14 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
ssl_config, context);
#elif defined(USE_NSS)
return new SSLClientSocketNSS(nss_task_runner, transport_socket,
- host_and_port, ssl_config, shi.release(),
- context);
+ host_and_port, ssl_config, context);
#elif defined(OS_WIN)
if (g_use_system_ssl) {
return new SSLClientSocketWin(transport_socket, host_and_port,
ssl_config, context);
}
return new SSLClientSocketNSS(nss_task_runner, transport_socket,
- host_and_port, ssl_config, shi.release(),
+ host_and_port, ssl_config,
context);
#elif defined(OS_MACOSX)
if (g_use_system_ssl) {
@@ -131,7 +126,7 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
ssl_config, context);
}
return new SSLClientSocketNSS(nss_task_runner, transport_socket,
- host_and_port, ssl_config, shi.release(),
+ host_and_port, ssl_config,
context);
#else
NOTIMPLEMENTED();
@@ -158,12 +153,11 @@ SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
StreamSocket* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
ClientSocketHandle* socket_handle = new ClientSocketHandle();
socket_handle->set_socket(transport_socket);
return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
- ssl_host_info, context);
+ context);
}
// static
diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h
index 884fc4f..ad14c1d 100644
--- a/net/socket/client_socket_factory.h
+++ b/net/socket/client_socket_factory.h
@@ -23,7 +23,6 @@ class HostPortPair;
class SSLClientSocket;
struct SSLClientSocketContext;
struct SSLConfig;
-class SSLHostInfo;
class StreamSocket;
// An interface used to instantiate StreamSocket objects. Used to facilitate
@@ -52,7 +51,6 @@ class NET_EXPORT ClientSocketFactory {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) = 0;
// Deprecated function (http://crbug.com/37810) that takes a StreamSocket.
@@ -60,7 +58,6 @@ class NET_EXPORT ClientSocketFactory {
StreamSocket* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context);
// Clears cache used for SSL session resumption.
diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc
index 24dde96..b53c775 100644
--- a/net/socket/client_socket_pool_base_unittest.cc
+++ b/net/socket/client_socket_pool_base_unittest.cc
@@ -28,7 +28,6 @@
#include "net/socket/client_socket_handle.h"
#include "net/socket/client_socket_pool_histograms.h"
#include "net/socket/socket_test_util.h"
-#include "net/socket/ssl_host_info.h"
#include "net/socket/stream_socket.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -157,10 +156,8 @@ class MockClientSocketFactory : public ClientSocketFactory {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
NOTIMPLEMENTED();
- delete ssl_host_info;
return NULL;
}
diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc
index 2124cc7..b67ad0d 100644
--- a/net/socket/client_socket_pool_manager_impl.cc
+++ b/net/socket/client_socket_pool_manager_impl.cc
@@ -40,7 +40,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
CertVerifier* cert_verifier,
ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
- SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -51,7 +50,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
cert_verifier_(cert_verifier),
server_bound_cert_service_(server_bound_cert_service),
transport_security_state_(transport_security_state),
- ssl_host_info_factory_(ssl_host_info_factory),
ssl_session_cache_shard_(ssl_session_cache_shard),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -71,7 +69,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
cert_verifier,
server_bound_cert_service,
transport_security_state,
- ssl_host_info_factory,
ssl_session_cache_shard,
socket_factory,
transport_socket_pool_.get(),
@@ -291,7 +288,6 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy(
cert_verifier_,
server_bound_cert_service_,
transport_security_state_,
- ssl_host_info_factory_,
ssl_session_cache_shard_,
socket_factory_,
tcp_https_ret.first->second /* https proxy */,
@@ -331,7 +327,6 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy(
cert_verifier_,
server_bound_cert_service_,
transport_security_state_,
- ssl_host_info_factory_,
ssl_session_cache_shard_,
socket_factory_,
NULL, /* no tcp pool, we always go through a proxy */
diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h
index eff1a36..b51b830 100644
--- a/net/socket/client_socket_pool_manager_impl.h
+++ b/net/socket/client_socket_pool_manager_impl.h
@@ -32,7 +32,6 @@ class ProxyService;
class SOCKSClientSocketPool;
class SSLClientSocketPool;
class SSLConfigService;
-class SSLHostInfoFactory;
class TransportClientSocketPool;
class TransportSecurityState;
@@ -64,7 +63,6 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
CertVerifier* cert_verifier,
ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
- SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -111,7 +109,6 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
CertVerifier* const cert_verifier_;
ServerBoundCertService* const server_bound_cert_service_;
TransportSecurityState* const transport_security_state_;
- SSLHostInfoFactory* const ssl_host_info_factory_;
const std::string ssl_session_cache_shard_;
ProxyService* const proxy_service_;
const scoped_refptr<SSLConfigService> ssl_config_service_;
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index b33fa1b..1db1472 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -23,7 +23,6 @@
#include "net/http/http_response_headers.h"
#include "net/socket/client_socket_pool_histograms.h"
#include "net/socket/socket.h"
-#include "net/socket/ssl_host_info.h"
#include "testing/gtest/include/gtest/gtest.h"
#define NET_TRACE(level, s) DLOG(level) << s << __FUNCTION__ << "() "
@@ -643,11 +642,10 @@ SSLClientSocket* MockClientSocketFactory::CreateSSLClientSocket(
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
- ssl_host_info, mock_ssl_data_.GetNext());
+ mock_ssl_data_.GetNext());
return socket;
}
@@ -1081,7 +1079,6 @@ MockSSLClientSocket::MockSSLClientSocket(
ClientSocketHandle* transport_socket,
const HostPortPair& host_port_pair,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
SSLSocketDataProvider* data)
: MockClientSocket(transport_socket->socket()->NetLog().net_log()),
transport_(transport_socket),
@@ -1092,7 +1089,6 @@ MockSSLClientSocket::MockSSLClientSocket(
protocol_negotiated_(kProtoUnknown) {
DCHECK(data_);
peer_addr_ = data->connect.peer_addr;
- delete ssl_host_info; // we take ownership but don't use it.
}
MockSSLClientSocket::~MockSSLClientSocket() {
@@ -1589,11 +1585,10 @@ SSLClientSocket* DeterministicMockClientSocketFactory::CreateSSLClientSocket(
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
- ssl_host_info, mock_ssl_data_.GetNext());
+ mock_ssl_data_.GetNext());
ssl_client_sockets_.push_back(socket);
return socket;
}
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index 431c4913c4..26a5075 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -50,7 +50,6 @@ class AsyncSocket;
class MockClientSocket;
class ServerBoundCertService;
class SSLClientSocket;
-class SSLHostInfo;
class StreamSocket;
enum IoMode {
@@ -569,7 +568,6 @@ class MockClientSocketFactory : public ClientSocketFactory {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) OVERRIDE;
virtual void ClearSSLSessionCache() OVERRIDE;
@@ -737,7 +735,6 @@ class MockSSLClientSocket : public MockClientSocket, public AsyncSocket {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
SSLSocketDataProvider* socket);
virtual ~MockSSLClientSocket();
@@ -1004,7 +1001,6 @@ class DeterministicMockClientSocketFactory : public ClientSocketFactory {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) OVERRIDE;
virtual void ClearSSLSessionCache() OVERRIDE;
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 06ed692..61986be 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -19,8 +19,6 @@ namespace net {
class CertVerifier;
class ServerBoundCertService;
class SSLCertRequestInfo;
-class SSLHostInfo;
-class SSLHostInfoFactory;
class SSLInfo;
class TransportSecurityState;
@@ -30,24 +28,20 @@ struct SSLClientSocketContext {
SSLClientSocketContext()
: cert_verifier(NULL),
server_bound_cert_service(NULL),
- transport_security_state(NULL),
- ssl_host_info_factory(NULL) {}
+ transport_security_state(NULL) {}
SSLClientSocketContext(CertVerifier* cert_verifier_arg,
ServerBoundCertService* server_bound_cert_service_arg,
TransportSecurityState* transport_security_state_arg,
- SSLHostInfoFactory* ssl_host_info_factory_arg,
const std::string& ssl_session_cache_shard_arg)
: cert_verifier(cert_verifier_arg),
server_bound_cert_service(server_bound_cert_service_arg),
transport_security_state(transport_security_state_arg),
- ssl_host_info_factory(ssl_host_info_factory_arg),
ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
CertVerifier* cert_verifier;
ServerBoundCertService* server_bound_cert_service;
TransportSecurityState* transport_security_state;
- SSLHostInfoFactory* ssl_host_info_factory;
// ssl_session_cache_shard is an opaque string that identifies a shard of the
// SSL session cache. SSL sockets with the same ssl_session_cache_shard may
// resume each other's SSL sessions but we'll never sessions between shards.
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index af08f71..c303829 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -104,7 +104,6 @@
#include "net/socket/client_socket_handle.h"
#include "net/socket/nss_ssl_util.h"
#include "net/socket/ssl_error_params.h"
-#include "net/socket/ssl_host_info.h"
#if defined(OS_WIN)
#include <windows.h>
@@ -531,7 +530,6 @@ struct HandshakeState {
client_certs.clear();
server_cert_chain.Reset(NULL);
server_cert = NULL;
- predicted_cert_chain_correct = false;
resumed_handshake = false;
ssl_connection_status = 0;
}
@@ -562,11 +560,6 @@ struct HandshakeState {
PeerCertificateChain server_cert_chain;
scoped_refptr<X509Certificate> server_cert;
- // True if we predicted a certificate chain (via
- // Core::SetPredictedCertificates) and that prediction matched what the
- // server sent.
- bool predicted_cert_chain_correct;
-
// True if the current handshake was the result of TLS session resumption.
bool resumed_handshake;
@@ -1746,26 +1739,6 @@ void SSLClientSocketNSS::Core::HandshakeCallback(
core->UpdateServerCert();
core->UpdateConnectionStatus();
- // We need to see if the predicted certificate chain (from
- // SetPredictedCertificates) matches the actual certificate chain.
- nss_state->predicted_cert_chain_correct = false;
- if (!core->predicted_certs_.empty()) {
- PeerCertificateChain& certs = nss_state->server_cert_chain;
- nss_state->predicted_cert_chain_correct =
- certs.size() == core->predicted_certs_.size();
-
- if (nss_state->predicted_cert_chain_correct) {
- for (unsigned i = 0; i < certs.size(); i++) {
- if (certs[i]->derCert.len != core->predicted_certs_[i].size() ||
- memcmp(certs[i]->derCert.data, core->predicted_certs_[i].data(),
- certs[i]->derCert.len) != 0) {
- nss_state->predicted_cert_chain_correct = false;
- break;
- }
- }
- }
- }
-
// Update the network task runners view of the handshake state whenever
// a handshake has completed.
core->PostOrRunCallback(
@@ -2011,8 +1984,7 @@ int SSLClientSocketNSS::Core::DoHandshake() {
#if defined(SSL_ENABLE_OCSP_STAPLING)
// TODO(agl): figure out how to plumb an OCSP response into the Mac
// system library and update IsOCSPStaplingSupported for Mac.
- if (!nss_handshake_state_.predicted_cert_chain_correct &&
- IsOCSPStaplingSupported()) {
+ if (IsOCSPStaplingSupported()) {
unsigned int len = 0;
SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
if (len) {
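Review bot: Dropping `predicted_cert_chain_correct` from this condition leaves `Core::predicted_certs_` and `Core::SetPredictedCertificates` without any visible reader or caller. The comparison loop in `HandshakeCallback` and the call in `LoadSSLHostInfo` are both deleted by this commit, yet no hunk in ssl_client_socket_nss.cc removes the member or the setter. If nothing outside this diff still uses them, they should be removed in the same change so the socket does not keep unused certificate-prediction state. DoHandshake's body starts and ends outside this hunk.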
@@ -2748,13 +2720,11 @@ SSLClientSocketNSS::SSLClientSocketNSS(
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context)
: nss_task_runner_(nss_task_runner),
transport_(transport_socket),
host_and_port_(host_and_port),
ssl_config_(ssl_config),
- server_cert_verify_result_(NULL),
cert_verifier_(context.cert_verifier),
server_bound_cert_service_(context.server_bound_cert_service),
ssl_session_cache_shard_(context.ssl_session_cache_shard),
@@ -2762,7 +2732,6 @@ SSLClientSocketNSS::SSLClientSocketNSS(
next_handshake_state_(STATE_NONE),
nss_fd_(NULL),
net_log_(transport_socket->socket()->NetLog()),
- ssl_host_info_(ssl_host_info),
transport_security_state_(context.transport_security_state),
valid_thread_id_(base::kInvalidThreadId) {
EnterFunction("");
@@ -2794,18 +2763,18 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
return;
}
- ssl_info->cert_status = server_cert_verify_result_->cert_status;
- ssl_info->cert = server_cert_verify_result_->verified_cert;
+ ssl_info->cert_status = server_cert_verify_result_.cert_status;
+ ssl_info->cert = server_cert_verify_result_.verified_cert;
ssl_info->connection_status =
core_->state().ssl_connection_status;
- ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes;
+ ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
for (std::vector<SHA1Fingerprint>::const_iterator
i = side_pinned_public_keys_.begin();
i != side_pinned_public_keys_.end(); i++) {
ssl_info->public_key_hashes.push_back(*i);
}
ssl_info->is_issued_by_known_root =
- server_cert_verify_result_->is_issued_by_known_root;
+ server_cert_verify_result_.is_issued_by_known_root;
ssl_info->client_cert_sent =
ssl_config_.send_client_cert && ssl_config_.client_cert;
ssl_info->channel_id_sent = WasChannelIDSent();
@@ -2896,11 +2865,7 @@ int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
return rv;
}
- if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) {
- GotoState(STATE_LOAD_SSL_HOST_INFO);
- } else {
- GotoState(STATE_HANDSHAKE);
- }
+ GotoState(STATE_HANDSHAKE);
rv = DoHandshakeLoop(OK);
if (rv == ERR_IO_PENDING) {
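Review bot: `ssl_config_.cached_info_enabled` loses its only visible reader when the branch is collapsed to a bare `GotoState(STATE_HANDSHAKE);`, so the option no longer has any effect on this socket. The diff shown is limited to net/socket, so it is unclear whether the SSLConfig field and whatever sets it are removed elsewhere. If they are not, they should be deleted or marked deprecated so that a configured-but-ignored TLS option does not linger. Connect's body starts and ends outside this hunk.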
@@ -2925,8 +2890,7 @@ void SSLClientSocketNSS::Disconnect() {
// Reset object state.
user_connect_callback_.Reset();
- local_server_cert_verify_result_.Reset();
- server_cert_verify_result_ = NULL;
+ server_cert_verify_result_.Reset();
completed_handshake_ = false;
start_cert_verification_time_ = base::TimeTicks();
InitCore();
@@ -3286,34 +3250,6 @@ void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
LeaveFunction("");
}
-void SSLClientSocketNSS::LoadSSLHostInfo() {
- const SSLHostInfo::State& state(ssl_host_info_->state());
-
- if (state.certs.empty())
- return;
-
- const std::vector<std::string>& certs_in = state.certs;
- core_->SetPredictedCertificates(certs_in);
-}
-
-int SSLClientSocketNSS::DoLoadSSLHostInfo() {
- EnterFunction("");
- int rv = ssl_host_info_->WaitForDataReady(
- base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
- base::Unretained(this)));
- GotoState(STATE_HANDSHAKE);
-
- if (rv == OK) {
- LoadSSLHostInfo();
- } else {
- DCHECK_EQ(ERR_IO_PENDING, rv);
- GotoState(STATE_LOAD_SSL_HOST_INFO);
- }
-
- LeaveFunction("");
- return rv;
-}
-
int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
EnterFunction(last_io_result);
int rv = last_io_result;
@@ -3326,10 +3262,6 @@ int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
State state = next_handshake_state_;
GotoState(STATE_NONE);
switch (state) {
- case STATE_LOAD_SSL_HOST_INFO:
- DCHECK(rv == OK || rv == ERR_IO_PENDING);
- rv = DoLoadSSLHostInfo();
- break;
case STATE_HANDSHAKE:
rv = DoHandshake();
break;
@@ -3372,7 +3304,6 @@ int SSLClientSocketNSS::DoHandshakeComplete(int result) {
EnterFunction(result);
if (result == OK) {
- SaveSSLHostInfo();
// SSL handshake is completed. Let's verify the certificate.
GotoState(STATE_VERIFY_DNSSEC);
// Done!
@@ -3392,10 +3323,8 @@ int SSLClientSocketNSS::DoVerifyDNSSEC(int result) {
host_and_port_.host(), core_->state().server_cert_chain[0],
host_and_port_.port());
if (r == DNSVR_SUCCESS) {
- local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC;
- local_server_cert_verify_result_.verified_cert =
- core_->state().server_cert;
- server_cert_verify_result_ = &local_server_cert_verify_result_;
+ server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC;
+ server_cert_verify_result_.verified_cert = core_->state().server_cert;
GotoState(STATE_VERIFY_CERT_COMPLETE);
return OK;
}
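Review bot: The DNSSEC success branch writes `cert_status |= CERT_STATUS_IS_DNSSEC` and `verified_cert` into `server_cert_verify_result_` without clearing it first, while both early-return branches in `DoVerifyCert` call `server_cert_verify_result_.Reset()` before assigning. `DoVerifyCertComplete` reads `is_issued_by_known_root` and `public_key_hashes` from whatever this single member last held, so the branch should start with `server_cert_verify_result_.Reset();` unless it is guaranteed that only the constructor or `Disconnect()` precedes it. The same question applies to the `verifier_->Verify(...)` call in the `@@ -3469,10 +3374,9 @@` hunk, which passes `&server_cert_verify_result_` without a prior reset; whether `Verify` overwrites every field is not visible here. DoVerifyDNSSEC's body starts and ends outside this hunk.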
@@ -3421,46 +3350,22 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
DCHECK(start_cert_verification_time_.is_null());
VLOG(1) << "Received an expected bad cert with status: " << cert_status;
- server_cert_verify_result_ = &local_server_cert_verify_result_;
- local_server_cert_verify_result_.Reset();
- local_server_cert_verify_result_.cert_status = cert_status;
- local_server_cert_verify_result_.verified_cert =
- core_->state().server_cert;
+ server_cert_verify_result_.Reset();
+ server_cert_verify_result_.cert_status = cert_status;
+ server_cert_verify_result_.verified_cert = core_->state().server_cert;
return OK;
}
// We may have failed to create X509Certificate object if we are
// running inside sandbox.
if (!core_->state().server_cert) {
- server_cert_verify_result_ = &local_server_cert_verify_result_;
- local_server_cert_verify_result_.Reset();
- local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
+ server_cert_verify_result_.Reset();
+ server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
return ERR_CERT_INVALID;
}
start_cert_verification_time_ = base::TimeTicks::Now();
- if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() &&
- core_->state().predicted_cert_chain_correct) {
- // If the SSLHostInfo had a prediction for the certificate chain of this
- // server then it will have optimistically started a verification of that
- // chain. So, if the prediction was correct, we should wait for that
- // verification to finish rather than start our own.
- net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED);
- UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2);
- base::TimeTicks end_time = ssl_host_info_->verification_end_time();
- if (end_time.is_null())
- end_time = base::TimeTicks::Now();
- UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved",
- end_time - ssl_host_info_->verification_start_time());
- server_cert_verify_result_ = &ssl_host_info_->cert_verify_result();
- return ssl_host_info_->WaitForCertVerification(
- base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
- base::Unretained(this)));
- } else {
- UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2);
- }
-
int flags = 0;
if (ssl_config_.rev_checking_enabled)
flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
@@ -3469,10 +3374,9 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
if (ssl_config_.cert_io_enabled)
flags |= X509Certificate::VERIFY_CERT_IO_ENABLED;
verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
- server_cert_verify_result_ = &local_server_cert_verify_result_;
return verifier_->Verify(
core_->state().server_cert, host_and_port_.host(), flags,
- SSLConfigService::GetCRLSet(), &local_server_cert_verify_result_,
+ SSLConfigService::GetCRLSet(), &server_cert_verify_result_,
base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
base::Unretained(this)),
net_log_);
@@ -3520,10 +3424,10 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
// merges into a SPDY connection to www.example.com, and gets a different
// certificate.
- const CertStatus cert_status = server_cert_verify_result_->cert_status;
+ const CertStatus cert_status = server_cert_verify_result_.cert_status;
if ((result == OK || (IsCertificateError(result) &&
IsCertStatusMinorError(cert_status))) &&
- server_cert_verify_result_->is_issued_by_known_root &&
+ server_cert_verify_result_.is_issued_by_known_root &&
transport_security_state_) {
bool sni_available =
ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
@@ -3535,7 +3439,7 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
&domain_state) &&
domain_state.HasPins()) {
if (!domain_state.IsChainOfPublicKeysPermitted(
- server_cert_verify_result_->public_key_hashes)) {
+ server_cert_verify_result_.public_key_hashes)) {
const base::Time build_time = base::GetBuildTime();
// Pins are not enforced if the build is sufficiently old. Chrome
// users should get updates every six weeks or so, but it's possible
@@ -3561,15 +3465,15 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
void SSLClientSocketNSS::LogConnectionTypeMetrics() const {
UpdateConnectionTypeHistograms(CONNECTION_SSL);
- if (server_cert_verify_result_->has_md5)
+ if (server_cert_verify_result_.has_md5)
UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
- if (server_cert_verify_result_->has_md2)
+ if (server_cert_verify_result_.has_md2)
UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
- if (server_cert_verify_result_->has_md4)
+ if (server_cert_verify_result_.has_md4)
UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
- if (server_cert_verify_result_->has_md5_ca)
+ if (server_cert_verify_result_.has_md5_ca)
UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
- if (server_cert_verify_result_->has_md2_ca)
+ if (server_cert_verify_result_.has_md2_ca)
UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
int ssl_version = SSLConnectionStatusToVersion(
core_->state().ssl_connection_status);
@@ -3592,35 +3496,6 @@ void SSLClientSocketNSS::LogConnectionTypeMetrics() const {
};
}
-// SaveSSLHostInfo saves the certificate chain of the connection so that we can
-// start verification faster in the future.
-void SSLClientSocketNSS::SaveSSLHostInfo() {
- if (!ssl_host_info_.get())
- return;
-
- // If the SSLHostInfo hasn't managed to load from disk yet then we can't save
- // anything.
- if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK)
- return;
-
- SSLHostInfo::State* state = ssl_host_info_->mutable_state();
-
- state->certs.clear();
- const PeerCertificateChain& certs = core_->state().server_cert_chain;
- for (unsigned i = 0; i < certs.size(); i++) {
- if (certs[i] == NULL ||
- certs[i]->derCert.len > std::numeric_limits<uint16>::max()) {
- return;
- }
-
- state->certs.push_back(std::string(
- reinterpret_cast<char*>(certs[i]->derCert.data),
- certs[i]->derCert.len));
- }
-
- ssl_host_info_->Persist();
-}
-
void SSLClientSocketNSS::EnsureThreadIdAssigned() const {
base::AutoLock auto_lock(lock_);
if (valid_thread_id_ != base::kInvalidThreadId)
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 9d6dd94..204b1cb 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -41,7 +41,6 @@ class CertVerifier;
class ClientSocketHandle;
class ServerBoundCertService;
class SingleRequestCertVerifier;
-class SSLHostInfo;
class TransportSecurityState;
class X509Certificate;
@@ -64,7 +63,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context);
virtual ~SSLClientSocketNSS();
@@ -113,7 +111,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
enum State {
STATE_NONE,
- STATE_LOAD_SSL_HOST_INFO,
STATE_HANDSHAKE,
STATE_HANDSHAKE_COMPLETE,
STATE_VERIFY_DNSSEC,
@@ -133,16 +130,12 @@ class SSLClientSocketNSS : public SSLClientSocket {
void DoConnectCallback(int result);
void OnHandshakeIOComplete(int result);
- void LoadSSLHostInfo();
- int DoLoadSSLHostInfo();
-
int DoHandshakeLoop(int last_io_result);
int DoHandshake();
int DoHandshakeComplete(int result);
int DoVerifyDNSSEC(int result);
int DoVerifyCert(int result);
int DoVerifyCertComplete(int result);
- void SaveSSLHostInfo();
void LogConnectionTypeMetrics() const;
@@ -161,11 +154,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
CompletionCallback user_connect_callback_;
- // |server_cert_verify_result_| points at the verification result, which may,
- // or may not be, |&local_server_cert_verify_result_|, depending on whether
- // we used an SSLHostInfo's verification.
- const CertVerifyResult* server_cert_verify_result_;
- CertVerifyResult local_server_cert_verify_result_;
+ CertVerifyResult server_cert_verify_result_;
std::vector<SHA1Fingerprint> side_pinned_public_keys_;
CertVerifier* const cert_verifier_;
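Review bot: The new `CertVerifyResult server_cert_verify_result_;` member is left without a comment now that the three-line explanation of the old pointer/local pair is removed. A short replacement would help, for example `// Result of verifying the server's certificate; cleared in Disconnect().`, which matches the `server_cert_verify_result_.Reset()` call added to `Disconnect()` in ssl_client_socket_nss.cc. The class body starts and ends outside this hunk.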
@@ -193,8 +182,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
base::TimeTicks start_cert_verification_time_;
- scoped_ptr<SSLHostInfo> ssl_host_info_;
-
TransportSecurityState* transport_security_state_;
// The following two variables are added for debugging bug 65948. Will
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index 7cdf2f8..842da86 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -18,7 +18,6 @@
#include "net/socket/client_socket_handle.h"
#include "net/socket/socks_client_socket_pool.h"
#include "net/socket/ssl_client_socket.h"
-#include "net/socket/ssl_host_info.h"
#include "net/socket/transport_client_socket_pool.h"
namespace net {
@@ -189,19 +188,6 @@ int SSLConnectJob::DoLoop(int result) {
int SSLConnectJob::DoTransportConnect() {
DCHECK(transport_pool_);
- if (context_.ssl_host_info_factory) {
- ssl_host_info_.reset(
- context_.ssl_host_info_factory->GetForHost(
- params_->host_and_port().host(),
- params_->ssl_config()));
- }
-
- if (ssl_host_info_.get()) {
- // This starts fetching the SSL host info from the disk cache for early
- // certificate verification and the TLS cached information extension.
- ssl_host_info_->Start();
- }
-
next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
transport_socket_handle_.reset(new ClientSocketHandle());
scoped_refptr<TransportSocketParams> transport_params =
@@ -277,7 +263,7 @@ int SSLConnectJob::DoSSLConnect() {
ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
transport_socket_handle_.release(), params_->host_and_port(),
- params_->ssl_config(), ssl_host_info_.release(), context_));
+ params_->ssl_config(), context_));
return ssl_socket_->Connect(callback_);
}
@@ -449,7 +435,6 @@ SSLClientSocketPool::SSLClientSocketPool(
CertVerifier* cert_verifier,
ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
- SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
ClientSocketFactory* client_socket_factory,
TransportClientSocketPool* transport_pool,
@@ -472,7 +457,6 @@ SSLClientSocketPool::SSLClientSocketPool(
cert_verifier,
server_bound_cert_service,
transport_security_state,
- ssl_host_info_factory,
ssl_session_cache_shard),
net_log)),
ssl_config_service_(ssl_config_service) {
diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h
index 26e5f56..d84af8c 100644
--- a/net/socket/ssl_client_socket_pool.h
+++ b/net/socket/ssl_client_socket_pool.h
@@ -31,7 +31,6 @@ class HttpProxySocketParams;
class SOCKSClientSocketPool;
class SOCKSSocketParams;
class SSLClientSocket;
-class SSLHostInfoFactory;
class TransportClientSocketPool;
class TransportSecurityState;
class TransportSocketParams;
@@ -154,7 +153,6 @@ class SSLConnectJob : public ConnectJob {
CompletionCallback callback_;
scoped_ptr<ClientSocketHandle> transport_socket_handle_;
scoped_ptr<SSLClientSocket> ssl_socket_;
- scoped_ptr<SSLHostInfo> ssl_host_info_;
// The time the DoSSLConnect() method was called.
base::TimeTicks ssl_connect_start_time_;
@@ -179,7 +177,6 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool
CertVerifier* cert_verifier,
ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
- SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
ClientSocketFactory* client_socket_factory,
TransportClientSocketPool* transport_pool,
diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc
index 3eb05fa..34b9951 100644
--- a/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/net/socket/ssl_client_socket_pool_unittest.cc
@@ -99,7 +99,6 @@ class SSLClientSocketPoolTest : public testing::Test {
NULL /* cert_verifier */,
NULL /* server_bound_cert_service */,
NULL /* transport_security_state */,
- NULL /* ssl_host_info_factory */,
"" /* ssl_session_cache_shard */,
&socket_factory_,
transport_pool ? &transport_socket_pool_ : NULL,
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 8806254..0c28b2d 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -44,7 +44,6 @@ class SSLClientSocketTest : public PlatformTest {
return socket_factory_->CreateSSLClientSocket(transport_socket,
host_and_port,
ssl_config,
- NULL,
context_);
}
@@ -763,7 +762,7 @@ TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) {
scoped_ptr<net::SSLClientSocket> sock(
socket_factory_->CreateSSLClientSocket(
socket_handle, test_server.host_port_pair(), kDefaultSSLConfig,
- NULL, context_));
+ context_));
EXPECT_FALSE(sock->IsConnected());
rv = sock->Connect(callback.callback());
diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc
deleted file mode 100644
index f4edcc6..0000000
--- a/net/socket/ssl_host_info.cc
+++ /dev/null
@@ -1,206 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/ssl_host_info.h"
-
-#include "base/bind.h"
-#include "base/metrics/histogram.h"
-#include "base/pickle.h"
-#include "base/string_piece.h"
-#include "net/base/crl_set.h"
-#include "net/base/ssl_config_service.h"
-#include "net/base/x509_certificate.h"
-#include "net/socket/ssl_client_socket.h"
-
-namespace net {
-
-SSLHostInfo::State::State() {}
-
-SSLHostInfo::State::~State() {}
-
-void SSLHostInfo::State::Clear() {
- certs.clear();
-}
-
-SSLHostInfo::SSLHostInfo(
- const std::string& hostname,
- const SSLConfig& ssl_config,
- CertVerifier* cert_verifier)
- : cert_verification_complete_(false),
- cert_verification_error_(ERR_CERT_INVALID),
- hostname_(hostname),
- cert_parsing_failed_(false),
- rev_checking_enabled_(ssl_config.rev_checking_enabled),
- verify_ev_cert_(ssl_config.verify_ev_cert),
- verifier_(cert_verifier),
- ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) {
-}
-
-SSLHostInfo::~SSLHostInfo() {
-}
-
-const SSLHostInfo::State& SSLHostInfo::state() const {
- return state_;
-}
-
-SSLHostInfo::State* SSLHostInfo::mutable_state() {
- return &state_;
-}
-
-bool SSLHostInfo::Parse(const std::string& data) {
- State* state = mutable_state();
-
- state->Clear();
- cert_verification_complete_ = false;
-
- bool r = ParseInner(data);
- if (!r)
- state->Clear();
- return r;
-}
-
-bool SSLHostInfo::ParseInner(const std::string& data) {
- State* state = mutable_state();
-
- Pickle p(data.data(), data.size());
- PickleIterator iter(p);
-
- int num_der_certs;
- if (!p.ReadInt(&iter, &num_der_certs) ||
- num_der_certs < 0) {
- return false;
- }
-
- for (int i = 0; i < num_der_certs; i++) {
- std::string der_cert;
- if (!p.ReadString(&iter, &der_cert))
- return false;
- state->certs.push_back(der_cert);
- }
-
- // Ignore obsolete members of the State structure.
- std::string throwaway_string;
- bool throwaway_bool;
- // This was state->server_hello.
- if (!p.ReadString(&iter, &throwaway_string))
- return false;
-
- // This was state->npn_valid.
- if (!p.ReadBool(&iter, &throwaway_bool))
- return false;
-
- if (throwaway_bool) {
- int throwaway_int;
- // These were state->npn_status and state->npn_protocol.
- if (!p.ReadInt(&iter, &throwaway_int) ||
- !p.ReadString(&iter, &throwaway_string)) {
- return false;
- }
- }
-
- if (!state->certs.empty()) {
- std::vector<base::StringPiece> der_certs(state->certs.size());
- for (size_t i = 0; i < state->certs.size(); i++)
- der_certs[i] = state->certs[i];
- cert_ = X509Certificate::CreateFromDERCertChain(der_certs);
- if (cert_.get()) {
- int flags = 0;
- if (verify_ev_cert_)
- flags |= X509Certificate::VERIFY_EV_CERT;
- if (rev_checking_enabled_)
- flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
- VLOG(1) << "Kicking off verification for " << hostname_;
- verification_start_time_ = base::TimeTicks::Now();
- verification_end_time_ = base::TimeTicks();
- scoped_refptr<CRLSet> crl_set(SSLConfigService::GetCRLSet());
- int rv = verifier_.Verify(
- cert_.get(), hostname_, flags, crl_set, &cert_verify_result_,
- base::Bind(&SSLHostInfo::VerifyCallback, weak_factory_.GetWeakPtr()),
- // TODO(willchan): Figure out how to use NetLog here.
- BoundNetLog());
- if (rv != ERR_IO_PENDING)
- VerifyCallback(rv);
- } else {
- cert_parsing_failed_ = true;
- DCHECK(cert_verification_callback_.is_null());
- }
- }
-
- return true;
-}
-
-std::string SSLHostInfo::Serialize() const {
- Pickle p(sizeof(Pickle::Header));
-
- static const unsigned kMaxCertificatesSize = 32 * 1024;
- unsigned der_certs_size = 0;
-
- for (std::vector<std::string>::const_iterator
- i = state_.certs.begin(); i != state_.certs.end(); i++) {
- der_certs_size += i->size();
- }
-
- // We don't care to save the certificates over a certain size.
- if (der_certs_size > kMaxCertificatesSize)
- return "";
-
- if (!p.WriteInt(state_.certs.size()))
- return "";
-
- for (std::vector<std::string>::const_iterator
- i = state_.certs.begin(); i != state_.certs.end(); i++) {
- if (!p.WriteString(*i))
- return "";
- }
-
- // Write dummy values for obsolete members of the State structure:
- // state->server_hello and state->npn_valid.
- if (!p.WriteString("") ||
- !p.WriteBool(false)) {
- return "";
- }
-
- return std::string(reinterpret_cast<const char *>(p.data()), p.size());
-}
-
-const CertVerifyResult& SSLHostInfo::cert_verify_result() const {
- return cert_verify_result_;
-}
-
-int SSLHostInfo::WaitForCertVerification(const CompletionCallback& callback) {
- if (cert_verification_complete_)
- return cert_verification_error_;
-
- DCHECK(!cert_parsing_failed_);
- DCHECK(cert_verification_callback_.is_null());
- DCHECK(!state_.certs.empty());
- cert_verification_callback_ = callback;
- return ERR_IO_PENDING;
-}
-
-void SSLHostInfo::VerifyCallback(int rv) {
- DCHECK(!verification_start_time_.is_null());
- base::TimeTicks now = base::TimeTicks::Now();
- const base::TimeDelta duration = now - verification_start_time();
- bool is_google = hostname_ == "google.com" ||
- (hostname_.size() > 11 &&
- hostname_.rfind(".google.com") == hostname_.size() - 11);
- if (is_google) {
- UMA_HISTOGRAM_TIMES("Net.SSLHostInfoVerificationTimeMs_Google", duration);
- }
- UMA_HISTOGRAM_TIMES("Net.SSLHostInfoVerificationTimeMs", duration);
- VLOG(1) << "Verification took " << duration.InMilliseconds() << "ms";
- verification_end_time_ = now;
- cert_verification_complete_ = true;
- cert_verification_error_ = rv;
- if (!cert_verification_callback_.is_null()) {
- CompletionCallback callback = cert_verification_callback_;
- cert_verification_callback_.Reset();
- callback.Run(rv);
- }
-}
-
-SSLHostInfoFactory::~SSLHostInfoFactory() {}
-
-} // namespace net
diff --git a/net/socket/ssl_host_info.h b/net/socket/ssl_host_info.h
deleted file mode 100644
index d73cc6d..0000000
--- a/net/socket/ssl_host_info.h
+++ /dev/null
@@ -1,144 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_HOST_INFO_H_
-#define NET_SOCKET_SSL_HOST_INFO_H_
-
-#include <string>
-#include <vector>
-
-#include "base/memory/ref_counted.h"
-#include "base/memory/weak_ptr.h"
-#include "base/time.h"
-#include "net/base/cert_verifier.h"
-#include "net/base/cert_verify_result.h"
-#include "net/base/completion_callback.h"
-#include "net/base/net_export.h"
-#include "net/base/single_request_cert_verifier.h"
-#include "net/socket/ssl_client_socket.h"
-
-namespace net {
-
-class X509Certificate;
-struct SSLConfig;
-
-// SSLHostInfo is an interface for fetching information about an SSL server.
-// This information may be stored on disk so does not include keys or session
-// information etc. Primarily it's intended for caching the server's
-// certificates.
-class NET_EXPORT_PRIVATE SSLHostInfo {
- public:
- SSLHostInfo(const std::string& hostname,
- const SSLConfig& ssl_config,
- CertVerifier* certVerifier);
- virtual ~SSLHostInfo();
-
- // Start will commence the lookup. This must be called before any other
- // methods. By opportunistically calling this early, it may be possible to
- // overlap this object's lookup and reduce latency.
- virtual void Start() = 0;
-
- // WaitForDataReady returns OK if the fetch of the requested data has
- // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
- // the current thread when ready.
- //
- // Only a single callback can be outstanding at a given time and, in the
- // event that WaitForDataReady returns OK, it's the caller's responsibility
- // to delete |callback|.
- //
- // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
- // but, obviously, a callback will never be made.
- virtual int WaitForDataReady(const CompletionCallback& callback) = 0;
-
- // Persist allows for the host information to be updated for future users.
- // This is a fire and forget operation: the caller may drop its reference
- // from this object and the store operation will still complete. This can
- // only be called once WaitForDataReady has returned OK or called its
- // callback.
- virtual void Persist() = 0;
-
- struct State {
- State();
- ~State();
-
- void Clear();
-
- // certs is a vector of DER encoded X.509 certificates, as the server
- // returned them and in the same order.
- std::vector<std::string> certs;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(State);
- };
-
- // Once the data is ready, it can be read using the following members. These
- // members can then be updated before calling |Persist|.
- const State& state() const;
- State* mutable_state();
-
- // If WaitForCertVerification reports the certificate verification has
- // completed, then this contains the result of verifying the certificate.
- const CertVerifyResult& cert_verify_result() const;
-
- // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
- // |state().certs| is still being validated and arranges for the given
- // callback to be called when the verification completes. If the verification
- // has already finished then WaitForCertVerification returns the result of
- // that verification.
- int WaitForCertVerification(const CompletionCallback& callback);
-
- base::TimeTicks verification_start_time() const {
- return verification_start_time_;
- }
-
- base::TimeTicks verification_end_time() const {
- return verification_end_time_;
- }
-
- protected:
- // Parse parses an opaque blob of data and fills out the public member fields
- // of this object. It returns true iff the parse was successful. The public
- // member fields will be set to something sane in any case.
- bool Parse(const std::string& data);
- std::string Serialize() const;
- State state_;
- bool cert_verification_complete_;
- int cert_verification_error_;
-
- private:
- // This is the callback function which the CertVerifier calls via |callback_|.
- void VerifyCallback(int rv);
-
- // ParseInner is a helper function for Parse.
- bool ParseInner(const std::string& data);
-
- // This is the hostname that we'll validate the certificates against.
- const std::string hostname_;
- bool cert_parsing_failed_;
- CompletionCallback cert_verification_callback_;
- // These three members are taken from the SSLConfig.
- bool rev_checking_enabled_;
- bool verify_ev_cert_;
- base::TimeTicks verification_start_time_;
- base::TimeTicks verification_end_time_;
- CertVerifyResult cert_verify_result_;
- SingleRequestCertVerifier verifier_;
- scoped_refptr<X509Certificate> cert_;
- base::WeakPtrFactory<SSLHostInfo> weak_factory_;
- base::TimeTicks cert_verification_finished_time_;
-};
-
-class SSLHostInfoFactory {
- public:
- virtual ~SSLHostInfoFactory();
-
- // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
- // or NULL on failure.
- virtual SSLHostInfo* GetForHost(const std::string& hostname,
- const SSLConfig& ssl_config) = 0;
-};
-
-} // namespace net
-
-#endif // NET_SOCKET_SSL_HOST_INFO_H_
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index b7aae96..03a6db0 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -340,7 +340,7 @@ class SSLServerSocketTest : public PlatformTest {
context.cert_verifier = cert_verifier_.get();
client_socket_.reset(
socket_factory_->CreateSSLClientSocket(
- fake_client_socket, host_and_pair, ssl_config, NULL, context));
+ fake_client_socket, host_and_pair, ssl_config, context));
server_socket_.reset(net::CreateSSLServerSocket(fake_server_socket,
cert, private_key.get(),
net::SSLConfig()));
diff --git a/net/socket/transport_client_socket_pool_unittest.cc b/net/socket/transport_client_socket_pool_unittest.cc
index 291640c..93e7d11 100644
--- a/net/socket/transport_client_socket_pool_unittest.cc
+++ b/net/socket/transport_client_socket_pool_unittest.cc
@@ -20,7 +20,6 @@
#include "net/socket/client_socket_handle.h"
#include "net/socket/client_socket_pool_histograms.h"
#include "net/socket/socket_test_util.h"
-#include "net/socket/ssl_host_info.h"
#include "net/socket/stream_socket.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -336,10 +335,8 @@ class MockClientSocketFactory : public ClientSocketFactory {
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- SSLHostInfo* ssl_host_info,
const SSLClientSocketContext& context) {
NOTIMPLEMENTED();
- delete ssl_host_info;
return NULL;
}
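Review bot: With `delete ssl_host_info;` gone, this mock `CreateSSLClientSocket` no longer frees anything it is handed, yet `transport_socket` still arrives as a raw pointer. `SSLConnectJob::DoSSLConnect` passes `transport_socket_handle_.release()` for that argument, which suggests the factory takes ownership; if so, returning NULL here leaks the handle whenever the stub is reached. Either `delete transport_socket;` before `return NULL;`, or a one-line comment such as `// Never called in these tests; |transport_socket| is intentionally not taken.`, would make the contract explicit. The method's signature begins above the hunk.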