Ignore certificate transparency by default.

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 6186bc2daabf0f0281f3fa34a8fc39e6facec6c6..f3e777ab124857ecc24d2cc8fe66865ba551f31c 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -3127,9 +3127,7 @@ void SSLClientSocketNSS::VerifyCT() {
   // TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension
   // from the state after verification is complete, to conserve memory.
 
-  if (!policy_enforcer_) {
-    server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
-  } else {
+  if (policy_enforcer_) {
     if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) {

[Ryan Sleevi, 2015/06/26 14:16:17]

Can consolidate to one conditional

       scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
           SSLConfigService::GetEVCertsWhitelist();