Index: net/socket/ssl_client_socket_nss.cc |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
index 5619247ff26e7829b46b70c2d419863f49223ac3..4c3672f1eeca38f950fb1b2586ab08697e653e4a 100644 |
--- a/net/socket/ssl_client_socket_nss.cc |
+++ b/net/socket/ssl_client_socket_nss.cc |
@@ -2410,7 +2410,7 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { |
ssl_info->cert = server_cert_verify_result_.verified_cert; |
ssl_info->unverified_cert = core_->state().server_cert; |
- AddSCTInfoToSSLInfo(ssl_info); |
+ AddCTInfoToSSLInfo(ssl_info); |
ssl_info->connection_status = |
core_->state().ssl_connection_status; |
@@ -3126,13 +3126,21 @@ void SSLClientSocketNSS::VerifyCT() { |
// TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension |
// from the state after verification is complete, to conserve memory. |
+ ct_verify_result_.ct_policies_applied = (policy_enforcer_ != nullptr); |
+ ct_verify_result_.ev_policy_compliance = |
+ CTPolicyEnforcer::EV_POLICY_DOES_NOT_APPLY; |
if (policy_enforcer_ && |
(server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV)) { |
scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
SSLConfigService::GetEVCertsWhitelist(); |
- if (!policy_enforcer_->DoesConformToCTEVPolicy( |
+ ct_verify_result_.ev_policy_compliance = |
+ policy_enforcer_->DoesConformToCTEVPolicy( |
server_cert_verify_result_.verified_cert.get(), ev_whitelist.get(), |
- ct_verify_result_, net_log_)) { |
+ ct_verify_result_.verified_scts, net_log_); |
+ if (ct_verify_result_.ev_policy_compliance != |
+ CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_WHITELIST && |
+ ct_verify_result_.ev_policy_compliance != |
+ CTPolicyEnforcer::EV_POLICY_COMPLIES_VIA_SCTS) { |
// TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
VLOG(1) << "EV certificate for " |
<< server_cert_verify_result_.verified_cert->subject() |
@@ -3158,8 +3166,8 @@ bool SSLClientSocketNSS::CalledOnValidThread() const { |
return valid_thread_id_ == base::PlatformThread::CurrentId(); |
} |
-void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
- ssl_info->UpdateSignedCertificateTimestamps(ct_verify_result_); |
+void SSLClientSocketNSS::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
+ ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
} |
// static |