Index: net/socket/ssl_client_socket_impl.cc |
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc |
index 01acc54ffcfe0c1d2f14381263c74147f1adf978..d72c462d9544a288850c02c9e46c058940384cde 100644 |
--- a/net/socket/ssl_client_socket_impl.cc |
+++ b/net/socket/ssl_client_socket_impl.cc |
@@ -797,6 +797,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) { |
ssl_info->pinning_failure_log = pinning_failure_log_; |
AddCTInfoToSSLInfo(ssl_info); |
+ ssl_info->ocsp = server_cert_verify_result_.ocsp; |
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
CHECK(cipher); |
@@ -1357,6 +1358,8 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { |
// the connection. |
VerifyCT(); |
+ ReportOCSP(); |
+ |
DCHECK(!certificate_verified_); |
certificate_verified_ = true; |
MaybeCacheSession(); |
@@ -1438,6 +1441,13 @@ void SSLClientSocketImpl::VerifyCT() { |
ct_verify_result_.verified_scts, net_log_); |
} |
+void SSLClientSocketImpl::ReportOCSP() { |
+ transport_security_state_->CheckExpectStaple( |
+ host_and_port_, *server_cert_verify_result_.verified_cert, *server_cert_, |
+ server_cert_verify_result_.is_issued_by_known_root, |
+ server_cert_verify_result_.ocsp); |
+} |
+ |
void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
int rv = DoHandshakeLoop(result); |
if (rv != ERR_IO_PENDING) { |