Merge Chromium at r65505: Initial merge by git.

Change-Id: I31d8f1d8cd33caaf7f47ffa7350aef42d5fbdb45

1 files changed, 6 insertions, 0 deletions

diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 0ab88b2..be50097 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -28,6 +28,8 @@ struct SSLConfig {
   bool tls1_enabled;  // True if TLS 1.0 is enabled.
   bool dnssec_enabled;  // True if we'll accept DNSSEC chains in certificates.
   bool snap_start_enabled;  // True if we'll try Snap Start handshakes.
+  // True if we'll do async checks for certificate provenance using DNS.
+  bool dns_cert_provenance_checking_enabled;
 
   // True if we allow this connection to be MITM attacked. This sounds a little
   // worse than it is: large networks sometimes MITM attack all SSL connections
@@ -144,6 +146,10 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
   // True if we use False Start for SSL and TLS.
   static bool false_start_enabled();
 
+  // Enables DNS side checks for certificates.
+  static void EnableDNSCertProvenanceChecking();
+  static bool dns_cert_provenance_checking_enabled();
+
   // Add an observer of this service.
   void AddObserver(Observer* observer);