Code cleanup related to allowed_bad_certs.

cert_status is a bitwise-OR of CERT_STATUS_xxx, not ERR_CERT_xxx.

Initialize a CertAndStatus structure after checking it is needed.

Fix a typo in comments.

R=hclam
BUG=none
TEST=none

Review URL: http://codereview.chromium.org/6677022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78123 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 7 insertions, 6 deletions

diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 5e65d31..f648b81 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -1088,7 +1088,7 @@ int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
   ssl_socket->GetSSLInfo(&ssl_info_);
 
   // Add the bad certificate to the set of allowed certificates in the
-  // SSL info object. This data structure will be consulted after calling
+  // SSL config object. This data structure will be consulted after calling
   // RestartIgnoringLastError(). And the user will be asked interactively
   // before RestartIgnoringLastError() is ever called.
   SSLConfig::CertAndStatus bad_cert;
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 122d183..792d2d8 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -23,6 +23,7 @@
 #include "base/nss_util.h"
 #include "base/path_service.h"
 #include "net/base/address_list.h"
+#include "net/base/cert_status_flags.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
@@ -244,7 +245,7 @@ class SSLServerSocketTest : public PlatformTest {
 
     // Certificate provided by the host doesn't need authority.
     net::SSLConfig::CertAndStatus cert_and_status;
-    cert_and_status.cert_status = net::ERR_CERT_AUTHORITY_INVALID;
+    cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
     cert_and_status.cert = cert;
     ssl_config.allowed_bad_certs.push_back(cert_and_status);
 
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index 7733c5d..0a36525 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -832,9 +832,6 @@ int SocketStream::DoSSLConnectComplete(int result) {
         reinterpret_cast<SSLClientSocket*>(socket_.get());
       SSLInfo ssl_info;
       ssl_socket->GetSSLInfo(&ssl_info);
-      SSLConfig::CertAndStatus bad_cert;
-      bad_cert.cert = ssl_info.cert;
-      bad_cert.cert_status = ssl_info.cert_status;
       if (ssl_config_.IsAllowedBadCert(ssl_info.cert)) {
         // If we already have the certificate in the set of allowed bad
         // certificates, we did try it and failed again, so we should not
@@ -843,7 +840,10 @@ int SocketStream::DoSSLConnectComplete(int result) {
         return result;
       }
       // Add the bad certificate to the set of allowed certificates in the
-      // SSL info object.
+      // SSL config object.
+      SSLConfig::CertAndStatus bad_cert;
+      bad_cert.cert = ssl_info.cert;
+      bad_cert.cert_status = ssl_info.cert_status;
       ssl_config_.allowed_bad_certs.push_back(bad_cert);
       // Restart connection ignoring the bad certificate.
       socket_->Disconnect();