Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify()....

chrome/browser/renderer_host/resource_dispatcher_host.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // See http://dev.chromium.org/developers/design-documents/multi-process-resource-loading
 
 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
 
 #include <vector>
 
@@ skipping 315 matching lines @@
     return;
   }
 
   // Construct the request.
   URLRequest* request = new URLRequest(request_data.url, this);
   request->set_method(request_data.method);
   request->set_first_party_for_cookies(request_data.first_party_for_cookies);
   request->set_referrer(request_data.referrer.spec());
   request->SetExtraRequestHeaders(request_data.headers);
   int load_flags = request_data.load_flags;
+  // EV certificate verification could be expensive.  We don't want to spend
+  // time performing EV certificate verification on all resources because
+  // EV status is irrelevant to sub-frames and sub-resources.
   if (request_data.resource_type == ResourceType::MAIN_FRAME)
     load_flags |= net::LOAD_VERIFY_EV_CERT;
   request->set_load_flags(load_flags);
   request->set_context(context);
   request->set_origin_pid(request_data.origin_pid);
 
   if (IsHttpPrioritizationEnabled()) {
     // If the request is for the top level page or a frame/iframe, then we
     // should prioritize it higher than other resource types.  Currently, we
     // just use priorities 1 and 0.
@@ skipping 574 matching lines @@
   response->response_head.filter_policy = info->filter_policy;
   response->response_head.content_length = request->GetExpectedContentSize();
   response->response_head.app_cache_id = WebAppCacheContext::kNoAppCacheId;
   request->GetMimeType(&response->response_head.mime_type);
 
   if (request->ssl_info().cert) {
     int cert_id =
         CertStore::GetSharedInstance()->StoreCert(
             request->ssl_info().cert,
             info->process_id);
-    int cert_status = request->ssl_info().cert_status;
-    // EV certificate verification could be expensive.  We don't want to spend
-    // time performing EV certificate verification on all resources because
-    // EV status is irrelevant to sub-frames and sub-resources.  So we call
-    // IsEV here rather than in the network layer because the network layer
-    // doesn't know the resource type.
-    if (info->resource_type == ResourceType::MAIN_FRAME &&
-        request->ssl_info().cert->IsEV(cert_status))
-      cert_status |= net::CERT_STATUS_IS_EV;
-
     response->response_head.security_info =
         SSLManager::SerializeSecurityInfo(cert_id,
-                                          cert_status,
+                                          request->ssl_info().cert_status,
                                           request->ssl_info().security_bits);
   } else {
     // We should not have any SSL state.
     DCHECK(!request->ssl_info().cert_status &&
            (request->ssl_info().security_bits == -1 ||
            request->ssl_info().security_bits == 0));
   }
 
   NotifyResponseStarted(request, info->process_id);
   return info->resource_handler->OnResponseStarted(info->request_id,
@@ skipping 602 matching lines @@
     case ViewHostMsg_UploadProgress_ACK::ID:
     case ViewHostMsg_SyncLoad::ID:
       return true;
 
     default:
       break;
   }
 
   return false;
 }