net: make pinning enforcement timeout after ten weeks.

net/url_request/url_request_http_job.cc

Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index bebe42c85d16d86bad93ef10e9e7af1596bb5c6d..b2d47f778a9d8ce462d8a4e85a7135f28d10ea2b 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -4,8 +4,9 @@
 
 #include "net/url_request/url_request_http_job.h"
 
-#include "base/bind.h"
 #include "base/base_switches.h"
+#include "base/bind.h"
+#include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
@@ -685,13 +686,16 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
               &domain_state, host, sni_available)) {
         if (!domain_state.IsChainOfPublicKeysPermitted(
                 ssl_info.public_key_hashes)) {
-          result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
-          UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
-          TransportSecurityState::ReportUMAOnPinFailure(host);
-          FraudulentCertificateReporter* reporter =
-              context_->fraudulent_certificate_reporter();
-          if (reporter != NULL)
-            reporter->SendReport(host, ssl_info, sni_available);
+          const base::Time build_time = base::GetBuildTime();
+          if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) {

[wtc, 2011/11/15 02:49:31]

Please add a comment to explain the purpose of this test.
It is not obvious.

+            result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+            UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
+            TransportSecurityState::ReportUMAOnPinFailure(host);
+            FraudulentCertificateReporter* reporter =
+                context_->fraudulent_certificate_reporter();
+            if (reporter != NULL)
+              reporter->SendReport(host, ssl_info, sni_available);
+          }
         } else {
           UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
         }