Index: net/socket/ssl_client_socket_openssl.cc |
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc |
index 501eaefce0a6b16b34b869826966c31882dcc950..6fc1d91f855ddb1dba0deddeb4b4ae871c707a38 100644 |
--- a/net/socket/ssl_client_socket_openssl.cc |
+++ b/net/socket/ssl_client_socket_openssl.cc |
@@ -38,6 +38,7 @@ |
#include "net/cert/cert_verifier.h" |
#include "net/cert/ct_ev_whitelist.h" |
#include "net/cert/ct_policy_enforcer.h" |
+#include "net/cert/ct_policy_status.h" |
#include "net/cert/ct_verifier.h" |
#include "net/cert/x509_certificate_net_log_param.h" |
#include "net/cert/x509_util_openssl.h" |
@@ -837,7 +838,7 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { |
ssl_info->token_binding_key_param = tb_negotiated_param_; |
ssl_info->pinning_failure_log = pinning_failure_log_; |
- AddSCTInfoToSSLInfo(ssl_info); |
+ AddCTInfoToSSLInfo(ssl_info); |
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
CHECK(cipher); |
@@ -1445,13 +1446,24 @@ void SSLClientSocketOpenSSL::VerifyCT() { |
server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, |
&ct_verify_result_, net_log_); |
+ ct_verify_result_.ct_policies_applied = (policy_enforcer_ != nullptr); |
+ ct_verify_result_.ev_policy_compliance = |
+ ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; |
if (policy_enforcer_ && |
(server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) { |
scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
SSLConfigService::GetEVCertsWhitelist(); |
- if (!policy_enforcer_->DoesConformToCTEVPolicy( |
+ ct::EVPolicyCompliance ev_policy_compliance = |
+ policy_enforcer_->DoesConformToCTEVPolicy( |
server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
- ct_verify_result_, net_log_)) { |
+ ct_verify_result_.verified_scts, net_log_); |
+ ct_verify_result_.ev_policy_compliance = ev_policy_compliance; |
+ if (ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY && |
+ ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST && |
+ ev_policy_compliance != |
+ ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) { |
// TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
VLOG(1) << "EV certificate for " |
<< server_cert_verify_result_.verified_cert->subject() |
@@ -2113,8 +2125,8 @@ int SSLClientSocketOpenSSL::NewSessionCallback(SSL_SESSION* session) { |
return 1; |
} |
-void SSLClientSocketOpenSSL::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
- ssl_info->UpdateSignedCertificateTimestamps(ct_verify_result_); |
+void SSLClientSocketOpenSSL::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
+ ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
} |
std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const { |