Index: net/quic/crypto/proof_verifier_chromium.cc |
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc |
index e9191a76c2bca2897f96221082428aa03b1f9156..9e3b2ec2ca6c246028440ae7177de71bab0c76f7 100644 |
--- a/net/quic/crypto/proof_verifier_chromium.cc |
+++ b/net/quic/crypto/proof_verifier_chromium.cc |
@@ -23,6 +23,7 @@ |
#include "net/cert/cert_verifier.h" |
#include "net/cert/cert_verify_result.h" |
#include "net/cert/ct_policy_enforcer.h" |
+#include "net/cert/ct_policy_status.h" |
#include "net/cert/ct_verifier.h" |
#include "net/cert/x509_certificate.h" |
#include "net/cert/x509_util.h" |
@@ -284,12 +285,25 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
const CertVerifyResult& cert_verify_result = |
verify_details_->cert_verify_result; |
const CertStatus cert_status = cert_verify_result.cert_status; |
+ verify_details_->ct_verify_result.ct_policies_applied = |
+ (result == OK && policy_enforcer_ != nullptr); |
+ verify_details_->ct_verify_result.ev_policy_compliance = |
+ ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; |
if (result == OK && policy_enforcer_ && |
(cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { |
- if (!policy_enforcer_->DoesConformToCTEVPolicy( |
+ ct::EVPolicyCompliance ev_policy_compliance = |
+ policy_enforcer_->DoesConformToCTEVPolicy( |
cert_verify_result.verified_cert.get(), |
SSLConfigService::GetEVCertsWhitelist().get(), |
- verify_details_->ct_verify_result, net_log_)) { |
+ verify_details_->ct_verify_result.verified_scts, net_log_); |
+ verify_details_->ct_verify_result.ev_policy_compliance = |
+ ev_policy_compliance; |
+ if (ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY && |
+ ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST && |
+ ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) { |
verify_details_->cert_verify_result.cert_status |= |
CERT_STATUS_CT_COMPLIANCE_FAILED; |
verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |
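Review bot: The added `ev_policy_compliance != ...` chain accepts `EV_POLICY_DOES_NOT_APPLY` inside a branch that is only entered for a certificate already flagged `CERT_STATUS_IS_EV`, so an EV certificate for which the enforcer returns that value keeps EV status without SCT or whitelist evidence. Whether `DoesConformToCTEVPolicy` can return it for an EV certificate is not visible in this hunk; if it cannot, dropping that arm makes the check stricter, and if it can, a comment should say why it is safe. The chain is otherwise fail-closed, which deserves a comment so a later refactor does not invert it, for example `// Fail closed: only the compliant states listed here keep EV; any other value, including enumerators added later, strips it.` The body of `DoVerifyCertComplete` starts before and continues after this hunk, so later uses of the `cert_status` local captured ahead of the EV downgrade could not be checked from here.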