Index: net/socket/ssl_client_socket_impl.cc |
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc |
index 12867ad2e3a3d44dc10e6373c346b4e2af7adfa0..62b3b826b993066f6744bfcf2544f2aaff08a7c7 100644 |
--- a/net/socket/ssl_client_socket_impl.cc |
+++ b/net/socket/ssl_client_socket_impl.cc |
@@ -1359,6 +1359,8 @@ int SSLClientSocketImpl::DoVerifyCertComplete(int result) { |
// the connection. |
VerifyCT(); |
+ CheckOCSP(); |
estark
2016/06/09 21:24:15
Could you pass in |server_cert_| as an argument so
dadrian
2016/06/10 01:05:53
Yes, though it will eventually need both the certi
|
+ |
DCHECK(!certificate_verified_); |
certificate_verified_ = true; |
MaybeCacheSession(); |
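Review bot: The added `CheckOCSP();` call has no comment of its own and sits directly under the comment that ends `// the connection.`, which appears to describe `VerifyCT()`. A reader therefore cannot tell whether the staple check is also meant to run only when verification succeeded. `CheckOCSP()` returns void, so it cannot change `result` or stop `certificate_verified_` from being set. If that is the intent, say so at the call site, e.g. `// Expect-Staple check; does not affect |result| or fail the handshake.`, so it is not mistaken for revocation enforcement. The body of DoVerifyCertComplete starts and ends outside this hunk, so the enclosing condition is not visible here.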
@@ -1453,6 +1455,18 @@ void SSLClientSocketImpl::VerifyCT() { |
} |
} |
+void SSLClientSocketImpl::CheckOCSP() { |
+ TransportSecurityState::ExpectStapleState expect_staple_state; |
+ if (!transport_security_state_->GetStaticExpectStapleState( |
+ host_and_port_.host(), &expect_staple_state)) { |
+ return; |
+ } |
+ SSLInfo ssl_info; |
+ GetSSLInfo(&ssl_info); |
+ transport_security_state_->CheckExpectStaple( |
+ host_and_port_, expect_staple_state, *ssl_info.cert, ocsp_response_); |
estark
2016/06/09 21:24:15
Is |ocsp_response_| already always populated? I th
dadrian
2016/06/10 01:05:53
I'll make sure it gets populated if enable_static_
|
+} |
+ |
void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
int rv = DoHandshakeLoop(result); |
if (rv != ERR_IO_PENDING) { |
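Review bot: In `CheckOCSP()` the result of `GetSSLInfo(&ssl_info)` is discarded and `*ssl_info.cert` is dereferenced unconditionally. If `GetSSLInfo` can return without setting `cert` (presumably when no server chain is available), that is a null dereference on the handshake path. A guard such as `if (!GetSSLInfo(&ssl_info) || !ssl_info.cert) return;` before the `CheckExpectStaple` call would close that off. The function also needs a short comment stating which certificate the staple is checked against, since `ssl_info.cert` may not be the same object as the leaf the server actually sent.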