Index: net/cert/ct_policy_enforcer.cc |
diff --git a/net/cert/ct_policy_enforcer.cc b/net/cert/ct_policy_enforcer.cc |
index a4e1e818c41bf92c86d02260bee6814dec679576..beae34ac3c887e73cc4ed829c4ea5a09d5136935 100644 |
--- a/net/cert/ct_policy_enforcer.cc |
+++ b/net/cert/ct_policy_enforcer.cc |
@@ -220,12 +220,8 @@ ct::CertPolicyCompliance CheckCertPolicyCompliance( |
// the doubt in the event a log is revoked in the midst of processing |
// a precertificate and issuing the certificate. |
base::Time issuance_date = base::Time::Max(); |
- for (const auto& sct : verified_scts) { |
- base::Time unused; |
- if (ct::IsLogDisqualified(sct->log_id, &unused)) |
- continue; |
+ for (const auto& sct : verified_scts) |
issuance_date = std::min(sct->timestamp, issuance_date); |
- } |
bool has_valid_google_sct = false; |
bool has_valid_nongoogle_sct = false; |
@@ -235,36 +231,20 @@ ct::CertPolicyCompliance CheckCertPolicyCompliance( |
bool has_embedded_nongoogle_sct = false; |
std::vector<base::StringPiece> embedded_log_ids; |
for (const auto& sct : verified_scts) { |
- base::Time disqualification_date; |
- bool is_disqualified = |
- ct::IsLogDisqualified(sct->log_id, &disqualification_date); |
- if (is_disqualified && |
- sct->origin != ct::SignedCertificateTimestamp::SCT_EMBEDDED) { |
- // For OCSP and TLS delivered SCTs, only SCTs that are valid at the |
- // time of check are accepted. |
- continue; |
- } |
- |
if (ct::IsLogOperatedByGoogle(sct->log_id)) { |
- has_valid_google_sct |= !is_disqualified; |
+ has_valid_google_sct = true; |
if (sct->origin == ct::SignedCertificateTimestamp::SCT_EMBEDDED) |
has_embedded_google_sct = true; |
} else { |
- has_valid_nongoogle_sct |= !is_disqualified; |
+ has_valid_nongoogle_sct = true; |
if (sct->origin == ct::SignedCertificateTimestamp::SCT_EMBEDDED) |
has_embedded_nongoogle_sct = true; |
} |
if (sct->origin != ct::SignedCertificateTimestamp::SCT_EMBEDDED) { |
has_valid_nonembedded_sct = true; |
} else { |
- has_valid_embedded_sct |= !is_disqualified; |
- // If the log is disqualified, it only counts towards quorum if |
- // the certificate was issued before the log was disqualified, and the |
- // SCT was obtained before the log was disqualified. |
- if (!is_disqualified || (issuance_date < disqualification_date && |
- sct->timestamp < disqualification_date)) { |
- embedded_log_ids.push_back(sct->log_id); |
- } |
+ has_valid_embedded_sct = true; |
+ embedded_log_ids.push_back(sct->log_id); |
} |
} |