Diffstat (limited to 'net/base/ssl_config_service.h')
-rw-r--r--net/base/ssl_config_service.h10
1 files changed, 8 insertions, 2 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 851dd94..d10134e 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -19,8 +19,8 @@ struct SSLConfig {
// Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
SSLConfig()
: rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true),
- tls1_enabled(true), ssl3_fallback(false), send_client_cert(false),
- verify_ev_cert(false) {
+ tls1_enabled(true), ssl3_fallback(false), dnssec_enabled(false),
+ send_client_cert(false), verify_ev_cert(false) {
}
bool rev_checking_enabled; // True if server certificate revocation
@@ -30,6 +30,7 @@ struct SSLConfig {
bool tls1_enabled; // True if TLS 1.0 is enabled.
bool ssl3_fallback; // True if we are falling back to SSL 3.0 (one still
// needs to clear tls1_enabled).
+ bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates.
// TODO(wtc): move the following members to a new SSLParams structure. They
// are not SSL configuration settings.
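Review bot: The comment on the new `dnssec_enabled` field understates what the flag permits. According to the comment added on `SSLConfigService::EnableDNSSEC()` in the last hunk of this commit, it lets a self-signed certificate be accepted when it embeds a DNSSEC chain, so trust moves from the CA path to that chain. I would say so at the field, e.g. `// True if a self-signed certificate is accepted when it embeds a DNSSEC chain proving its validity. Off by default.` It would also help to state whether `rev_checking_enabled` still has any effect for such certificates, which this diff does not show. The struct starts and ends outside the hunk.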
@@ -96,6 +97,11 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
// http://crbug.com and email the link to agl AT chromium DOT org.
static bool IsKnownStrictTLSServer(const std::string& hostname);
+ // Enables the acceptance of self-signed certificates which contain an
+ // embedded DNSSEC chain proving their validity.
+ static void EnableDNSSEC();
+ static bool dnssec_enabled();
+
protected:
friend class base::RefCountedThreadSafe<SSLConfigService>;
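Review bot: `EnableDNSSEC()` is declared as a static, process-wide switch that relaxes certificate validation, with no visible way to turn it off and no stated rule for when it may be called. The class is `RefCountedThreadSafe`, so the flag is presumably read from more than one thread; the implementation is not in this diff, so confirm the write happens before any reader runs and record that in the comment, e.g. `// Call once at startup, before any SSLConfig is read; cannot be disabled afterwards.` The static accessor `dnssec_enabled()` has no comment and shares its name with the `SSLConfig::dnssec_enabled` field added in the previous hunk; a line such as `// Returns true if EnableDNSSEC() has been called.` would keep the two apart. The class body continues outside the hunk.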