Index: net/quic/crypto/proof_verifier_chromium.cc |
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc |
index e9191a76c2bca2897f96221082428aa03b1f9156..a9521d099292d34d56277206e64ac97a6a3e4815 100644 |
--- a/net/quic/crypto/proof_verifier_chromium.cc |
+++ b/net/quic/crypto/proof_verifier_chromium.cc |
@@ -284,12 +284,22 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
const CertVerifyResult& cert_verify_result = |
verify_details_->cert_verify_result; |
const CertStatus cert_status = cert_verify_result.cert_status; |
+ verify_details_->ct_verify_result.ct_policies_applied = |
+ (result == OK && policy_enforcer_ != nullptr); |
Ryan Sleevi
2016/02/05 02:09:25
Not sure I grok why this is tracked?
estark
2016/02/08 08:36:26
See previous reply.
|
+ verify_details_->ct_verify_result.ev_policy_compliance = |
+ CTPolicyEnforcer::EV_POLICY_DOES_NOT_APPLY; |
if (result == OK && policy_enforcer_ && |
(cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { |
- if (!policy_enforcer_->DoesConformToCTEVPolicy( |
+ CTPolicyEnforcer::EVPolicyCompliance ev_policy_compliance = |
+ policy_enforcer_->DoesConformToCTEVPolicy( |
cert_verify_result.verified_cert.get(), |
SSLConfigService::GetEVCertsWhitelist().get(), |
- verify_details_->ct_verify_result, net_log_)) { |
+ verify_details_->ct_verify_result.verified_scts, net_log_); |
+ verify_details_->ct_verify_result.ev_policy_compliance = |
+ ev_policy_compliance; |
+ if (ev_policy_compliance != |
+ CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_WHITELIST && |
+ ev_policy_compliance != CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_SCTS) { |
verify_details_->cert_verify_result.cert_status |= |
CERT_STATUS_CT_COMPLIANCE_FAILED; |
verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |