Implement Expect-Staple

net/socket/ssl_client_socket_impl.h

Index: net/socket/ssl_client_socket_impl.h
diff --git a/net/socket/ssl_client_socket_impl.h b/net/socket/ssl_client_socket_impl.h
index 97fa2929d50d880c857b46bcc5da5043686b64e6..cae331810c5e25498a6410a8a62754b39d6e2f8a 100644
--- a/net/socket/ssl_client_socket_impl.h
+++ b/net/socket/ssl_client_socket_impl.h
@@ -134,6 +134,9 @@ class SSLClientSocketImpl : public SSLClientSocket {
   void DoConnectCallback(int result);
   void UpdateServerCert();
   void VerifyCT();
+  void CheckOCSP(const X509Certificate& verified_certificate,

[svaldez, 2016/06/16 11:14:38]

ReportOCSP? Especially if we're not actually changing connection state/security
based on OCSP. You might as well also just have this function pull the
certs/known_root off of the object instead of passing them in (Matching
VerifyCT/ChannelID).

[dadrian, 2016/06/16 19:20:18]

Done.

+                 const X509Certificate& unverified_certificate,
+                 bool is_issued_by_known_root);
 
   void OnHandshakeIOComplete(int result);
   void OnSendComplete(int result);
@@ -373,6 +376,8 @@ class SSLClientSocketImpl : public SSLClientSocket {
   // True if PKP is bypassed due to a local trust anchor.
   bool pkp_bypassed_;
 
+  std::string ocsp_response_;
+
   BoundNetLog net_log_;
   base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_;
 };