Index: net/socket/ssl_client_socket_impl.cc |
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc |
index 80ff994982f2d3e804266d8623bae1dd2e90b0d4..dae50fcea1b1edf3ffa24118a3e5915d1101c9ef 100644 |
--- a/net/socket/ssl_client_socket_impl.cc |
+++ b/net/socket/ssl_client_socket_impl.cc |
@@ -799,6 +799,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { |
ssl_info->cert_status = server_cert_verify_result_.cert_status; |
ssl_info->is_issued_by_known_root = |
server_cert_verify_result_.is_issued_by_known_root; |
+ ssl_info->pkp_bypassed = server_cert_verify_result_.pkp_bypassed; |
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
ssl_info->client_cert_sent = |
ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
@@ -1356,7 +1357,10 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { |
server_cert_verify_result_.public_key_hashes, server_cert_.get(), |
server_cert_verify_result_.verified_cert.get(), |
TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) { |
- result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
+ if (server_cert_verify_result_.is_issued_by_known_root) |
+ result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
+ else |
+ server_cert_verify_result_.pkp_bypassed = true; |
} |
if (result == OK) { |