| Index: net/socket/ssl_client_socket_openssl.cc
|
| diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
|
| index 1f193b7757af6c6338a5d0788ff5cf705fffeed1..1fea0056a57f9f3cca13959feaf34fca6fa03cef 100644
|
| --- a/net/socket/ssl_client_socket_openssl.cc
|
| +++ b/net/socket/ssl_client_socket_openssl.cc
|
| @@ -1425,11 +1425,10 @@ void SSLClientSocketOpenSSL::VerifyCT() {
|
| server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list,
|
| &ct_verify_result_, net_log_);
|
|
|
| - if (policy_enforcer_ &&
|
| - (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) {
|
| + if (policy_enforcer_) {
|
| scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
|
| SSLConfigService::GetEVCertsWhitelist();
|
| - if (!policy_enforcer_->DoesConformToCTEVPolicy(
|
| + if (!policy_enforcer_->DoesConformToCTPolicy(
|
| server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(),
|
| ct_verify_result_, net_log_)) {
|
| // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766
|
|
|
Chromium Code Reviews
Issue 1578993003:
Add Expect CT policy that gets checked on all certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master