1 files changed, 10 insertions, 6 deletions

diff --git a/net/base/crl_set.h b/net/base/crl_set.h
index 04d7203..b75e11a 100644
--- a/net/base/crl_set.h
+++ b/net/base/crl_set.h
@@ -32,7 +32,6 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
     REVOKED,  // the certificate should be rejected.
     UNKNOWN,  // the CRL for the certificate is not included in the set.
     GOOD,     // the certificate is not listed.
-    CRL_SET_EXPIRED, // the CRLSet has expired.
   };
 
   ~CRLSet();
@@ -55,6 +54,10 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
       const base::StringPiece& serial_number,
       const base::StringPiece& issuer_spki_hash) const;
 
+  // IsExpired returns true iff the current time is past the NotAfter time
+  // specified in the CRLSet.
+  bool IsExpired() const;
+
   // ApplyDelta returns a new CRLSet in |out_crl_set| that is the result of
   // updating the current CRL set with the delta information in |delta_bytes|.
   bool ApplyDelta(const base::StringPiece& delta_bytes,
@@ -84,6 +87,12 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
   // testing.
   const CRLList& crls() const;
 
+  // EmptyCRLSetForTesting returns a valid, but empty, CRLSet for unit tests.
+  static CRLSet* EmptyCRLSetForTesting();
+
+  // ExpiredCRLSetForTesting returns a expired, empty CRLSet for unit tests.
+  static CRLSet* ExpiredCRLSetForTesting();
+
  private:
   CRLSet();
 
@@ -91,11 +100,6 @@ class NET_EXPORT CRLSet : public base::RefCountedThreadSafe<CRLSet> {
   // from "BlockedSPKIs" in |header_dict|.
   bool CopyBlockedSPKIsFromHeader(base::DictionaryValue* header_dict);
 
-  // CheckSerialIsRevoked is a helper function for |CheckSerial|.
-  Result CheckSerialIsRevoked(
-      const base::StringPiece& serial_number,
-      const base::StringPiece& issuer_spki_hash) const;
-
   uint32 sequence_;
   CRLList crls_;
   // not_after_ contains the time, in UNIX epoch seconds, after which the