Expose when PKP is bypassed in SSLInfo.

net/socket/ssl_client_socket_impl.cc

Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 12867ad2e3a3d44dc10e6373c346b4e2af7adfa0..6f80bfc31b958b7194fb7fb37ccf54d56d0570a3 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -526,6 +526,7 @@ SSLClientSocketImpl::SSLClientSocketImpl(
       signature_result_(kNoPendingResult),
       transport_security_state_(context.transport_security_state),
       policy_enforcer_(context.ct_policy_enforcer),
+      pkp_bypassed_(false),
       net_log_(transport_->socket()->NetLog()),
       weak_factory_(this) {
   DCHECK(cert_verifier_);
@@ -799,6 +800,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->is_issued_by_known_root =
       server_cert_verify_result_.is_issued_by_known_root;
+  ssl_info->pkp_bypassed = pkp_bypassed_;
   ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
@@ -1351,7 +1353,10 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
           server_cert_verify_result_.public_key_hashes, server_cert_.get(),
           server_cert_verify_result_.verified_cert.get(),
           TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) {
-    result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+    if (server_cert_verify_result_.is_issued_by_known_root)
+      result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+    else
+      pkp_bypassed_ = true;
   }
 
   if (result == OK) {