Implement Expect-Staple

net/socket/ssl_client_socket_impl.cc

Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 01acc54ffcfe0c1d2f14381263c74147f1adf978..d72c462d9544a288850c02c9e46c058940384cde 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -797,6 +797,7 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->pinning_failure_log = pinning_failure_log_;
 
   AddCTInfoToSSLInfo(ssl_info);
+  ssl_info->ocsp = server_cert_verify_result_.ocsp;
 
   const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
   CHECK(cipher);
@@ -1357,6 +1358,8 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) {
     // the connection.
     VerifyCT();
 
+    ReportOCSP();
+
     DCHECK(!certificate_verified_);
     certificate_verified_ = true;
     MaybeCacheSession();
@@ -1438,6 +1441,13 @@ void SSLClientSocketImpl::VerifyCT() {
           ct_verify_result_.verified_scts, net_log_);
 }
 
+void SSLClientSocketImpl::ReportOCSP() {
+  transport_security_state_->CheckExpectStaple(
+      host_and_port_, *server_cert_verify_result_.verified_cert, *server_cert_,
+      server_cert_verify_result_.is_issued_by_known_root,
+      server_cert_verify_result_.ocsp);
+}
+
 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {