Index: net/socket/ssl_client_socket_impl.cc |
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc |
index 12867ad2e3a3d44dc10e6373c346b4e2af7adfa0..59141c1209f35df4d858d0c5b38954cd1aff0969 100644 |
--- a/net/socket/ssl_client_socket_impl.cc |
+++ b/net/socket/ssl_client_socket_impl.cc |
@@ -799,6 +799,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { |
ssl_info->cert_status = server_cert_verify_result_.cert_status; |
ssl_info->is_issued_by_known_root = |
server_cert_verify_result_.is_issued_by_known_root; |
+ ssl_info->pkp_bypassed = server_cert_verify_result_.pkp_bypassed; |
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
ssl_info->client_cert_sent = |
ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
@@ -1351,7 +1352,10 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { |
server_cert_verify_result_.public_key_hashes, server_cert_.get(), |
server_cert_verify_result_.verified_cert.get(), |
TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) { |
- result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
+ if (server_cert_verify_result_.is_issued_by_known_root) |
+ result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
+ else |
+ server_cert_verify_result_.pkp_bypassed = true; |
Ryan Sleevi
2016/06/09 22:09:05
Here, it'd be a local member that then gets popula
|
} |
if (result == OK) { |