Index: net/socket/ssl_client_socket_nss.cc |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
index 6186bc2daabf0f0281f3fa34a8fc39e6facec6c6..1f3dd5946282acc0ef21dc7b4992d15d6d6a4d49 100644 |
--- a/net/socket/ssl_client_socket_nss.cc |
+++ b/net/socket/ssl_client_socket_nss.cc |
@@ -3127,22 +3127,19 @@ void SSLClientSocketNSS::VerifyCT() { |
// TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension |
// from the state after verification is complete, to conserve memory. |
- if (!policy_enforcer_) { |
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
- } else { |
- if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
- scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
- SSLConfigService::GetEVCertsWhitelist(); |
- if (!policy_enforcer_->DoesConformToCTEVPolicy( |
- server_cert_verify_result_.verified_cert.get(), |
- ev_whitelist.get(), ct_verify_result_, net_log_)) { |
- // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
- VLOG(1) << "EV certificate for " |
- << server_cert_verify_result_.verified_cert->subject() |
- .GetDisplayName() |
- << " does not conform to CT policy, removing EV status."; |
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
- } |
+ if (policy_enforcer_ && |
+ (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) { |
+ scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
+ SSLConfigService::GetEVCertsWhitelist(); |
+ if (!policy_enforcer_->DoesConformToCTEVPolicy( |
+ server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
+ ct_verify_result_, net_log_)) { |
+ // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
+ VLOG(1) << "EV certificate for " |
+ << server_cert_verify_result_.verified_cert->subject() |
+ .GetDisplayName() |
+ << " does not conform to CT policy, removing EV status."; |
+ server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
} |
} |
} |