From 4dc832eb7a378a2834423be90ba269c66e54fd0c Mon Sep 17 00:00:00 2001
From: "hclam@chromium.org"
 <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 28 Apr 2011 22:04:24 +0000
Subject: Skip cert verification if it is expected to be bad.

If server cert received is expected to be bad then don't perform the verification step.

BUG=None
TEST=net_unittests --gtest_filter=SSL*

Review URL: http://codereview.chromium.org/6898033

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83420 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/ssl_config_service.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'net/base/ssl_config_service.h')

diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 1b77839..19d113e 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -23,7 +23,9 @@ struct SSLConfig {
   ~SSLConfig();
 
   // Returns true if |cert| is one of the certs in |allowed_bad_certs|.
-  bool IsAllowedBadCert(X509Certificate* cert) const;
+  // The expected cert status is written to |cert_status|. |*cert_status| can
+  // be NULL if user doesn't care about the cert status.
+  bool IsAllowedBadCert(X509Certificate* cert, int* cert_status) const;
 
   bool rev_checking_enabled;  // True if server certificate revocation
                               // checking is enabled.
-- 
cgit v1.1