Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(853)

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1211423002: Ignore certificate transparency by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Consolidate conditionals Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 5d81c559e125af7f62ba14c0a7a9b22c1926ad63..f2c9cbc664cc4a856916a2b8f2d871950e526894 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1222,22 +1222,19 @@ void SSLClientSocketOpenSSL::VerifyCT() {
server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list,
&ct_verify_result_, net_log_);
- if (!policy_enforcer_) {
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
- } else {
- if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) {
- scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
- SSLConfigService::GetEVCertsWhitelist();
- if (!policy_enforcer_->DoesConformToCTEVPolicy(
- server_cert_verify_result_.verified_cert.get(),
- ev_whitelist.get(), ct_verify_result_, net_log_)) {
- // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
- VLOG(1) << "EV certificate for "
- << server_cert_verify_result_.verified_cert->subject()
- .GetDisplayName()
- << " does not conform to CT policy, removing EV status.";
- server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
- }
+ if (policy_enforcer_ &&
+ (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) {
+ scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
+ SSLConfigService::GetEVCertsWhitelist();
+ if (!policy_enforcer_->DoesConformToCTEVPolicy(
+ server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(),
+ ct_verify_result_, net_log_)) {
+ // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
+ VLOG(1) << "EV certificate for "
+ << server_cert_verify_result_.verified_cert->subject()
+ .GetDisplayName()
+ << " does not conform to CT policy, removing EV status.";
+ server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV;
}
}
}
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698