Add information to SSLInfo about CT EV policy compliance

net/quic/crypto/proof_verifier_chromium.cc

Index: net/quic/crypto/proof_verifier_chromium.cc
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index e9191a76c2bca2897f96221082428aa03b1f9156..a9521d099292d34d56277206e64ac97a6a3e4815 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -284,12 +284,22 @@ int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
   const CertVerifyResult& cert_verify_result =
       verify_details_->cert_verify_result;
   const CertStatus cert_status = cert_verify_result.cert_status;
+  verify_details_->ct_verify_result.ct_policies_applied =
+      (result == OK && policy_enforcer_ != nullptr);

[Ryan Sleevi, 2016/02/05 02:09:25]

Not sure I grok why this is tracked?

[estark, 2016/02/08 08:36:26]

See previous reply.

+  verify_details_->ct_verify_result.ev_policy_compliance =
+      CTPolicyEnforcer::EV_POLICY_DOES_NOT_APPLY;
   if (result == OK && policy_enforcer_ &&
       (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) {
-    if (!policy_enforcer_->DoesConformToCTEVPolicy(
+    CTPolicyEnforcer::EVPolicyCompliance ev_policy_compliance =
+        policy_enforcer_->DoesConformToCTEVPolicy(
             cert_verify_result.verified_cert.get(),
             SSLConfigService::GetEVCertsWhitelist().get(),
-            verify_details_->ct_verify_result, net_log_)) {
+            verify_details_->ct_verify_result.verified_scts, net_log_);
+    verify_details_->ct_verify_result.ev_policy_compliance =
+        ev_policy_compliance;
+    if (ev_policy_compliance !=
+            CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_WHITELIST &&
+        ev_policy_compliance != CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_SCTS) {
       verify_details_->cert_verify_result.cert_status |=
           CERT_STATUS_CT_COMPLIANCE_FAILED;
       verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;