Index: net/socket/ssl_client_socket_openssl.cc |
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc |
index 99414362c44226fd1fffe0de2f078538b1cfeb3d..878d69c2cf6f4a87af27dc57c118e0650d5a225b 100644 |
--- a/net/socket/ssl_client_socket_openssl.cc |
+++ b/net/socket/ssl_client_socket_openssl.cc |
@@ -1425,18 +1425,18 @@ void SSLClientSocketOpenSSL::VerifyCT() { |
server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, |
&ct_verify_result_, net_log_); |
- if (policy_enforcer_ && |
- (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) { |
+ if (policy_enforcer_) { |
scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
SSLConfigService::GetEVCertsWhitelist(); |
if (!policy_enforcer_->DoesConformToCTEVPolicy( |
server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
ct_verify_result_, net_log_)) { |
// TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
- VLOG(1) << "EV certificate for " |
- << server_cert_verify_result_.verified_cert->subject() |
- .GetDisplayName() |
- << " does not conform to CT policy, removing EV status."; |
+ VLOG(1) |
+ << "Certificate for " |
+ << server_cert_verify_result_.verified_cert->subject() |
+ .GetDisplayName() |
+ << " does not conform to CT policy, removing EV status if present."; |
server_cert_verify_result_.cert_status |= |
CERT_STATUS_CT_COMPLIANCE_FAILED; |
server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |