Provide method for returning certificate expiration timestamp.

webrtc/base/sslidentity.h

Index: webrtc/base/sslidentity.h
diff --git a/webrtc/base/sslidentity.h b/webrtc/base/sslidentity.h
index cf9942637e480de935bdfaad3667f18555ddccc2..6bb1663344ab956bbc486d049ee44eac8b9a835a 100644
--- a/webrtc/base/sslidentity.h
+++ b/webrtc/base/sslidentity.h
@@ -68,6 +68,9 @@ class SSLCertificate {
                              unsigned char* digest,
                              size_t size,
                              size_t* length) const = 0;
+
+  // Returns the time in milliseconds relative to epoch.
+  virtual int64_t CertificateExpirationTime() const = 0;
 };
 
 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
@@ -168,8 +171,9 @@ KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
 // random string will be used.
 struct SSLIdentityParams {
   std::string common_name;
-  int not_before;  // offset from current time in seconds.
-  int not_after;   // offset from current time in seconds.
+  bool absolute_time;  // How to interpret |not_before| and |not_after|.
+  int64_t not_before;  // Offset from current time or absolute time in seconds.
+  int64_t not_after;   // Offset from current time or absolute time in seconds.

[hbos, 2015/11/25 11:18:31]

Is this necessary? Now any code that use these have to understand two
interpretations of the same variables.

I see you changed from int to int64_t. Is this the correct type?

Here's a usage case of not_before and not_after:
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/webrtc...

Which calls: ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj).
long may be int32.

[torbjorng (webrtc), 2015/11/25 14:27:11]

I changed the logic around this to always use time in epoch (i.e., "absolute"
time.)

   KeyParams key_params;
 };