Enable Expect-Staple in SSLClientSocket.

Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
Committed: https://crrev.com/d476e65cb521b5da146dbdd51bde4fafdaa37468
Cr-Commit-Position: refs/heads/master@{#407921}

[dadrian, 2016-07-26 20:08:24]

Description was changed from

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
==========

to

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
==========

[dadrian, 2016-07-26 20:10:12]

dadrian@google.com changed reviewers:
+ estark@chromium.org, rsleevi@chromium.org, svaldez@chromium.org

[dadrian, 2016-07-26 20:10:12]

The offending line was:

DCHECK(GetSSLInfo(&ssl_info));

This does not get ran on builds where DCHECK is compiled out.

It's official, we all have to quit because we missed this the first time around.

[Ryan Sleevi, 2016-07-26 20:19:50]

lgtm

[svaldez, 2016-07-26 20:21:31]

lgtm

[dadrian, 2016-07-26 20:22:03]

The CQ bit was checked by dadrian@google.com

[commit-bot: I haz the power, 2016-07-26 20:22:48]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-26 21:33:47]

Description was changed from

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
==========

to

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
==========

[commit-bot: I haz the power, 2016-07-26 21:33:51]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2016-07-26 21:35:23]

Description was changed from

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021
==========

to

==========
Enable Expect-Staple in SSLClientSocket.

In TransportSecurityState, set |enable_static_expect_staple_|
to true by default. Update SSLClientSocket to call
TransportSecurityState::ProcessExpectStaple. Implements
operator== for OCSPVerifyResult, to make sure OCSP data
is not accidentally lost.

In ssl_client_socket_impl.cc, this also removes the if
(|signed_certificate_timestamps_enabled_) check around
extracting the OCSP response and setting the
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled"). Since
SCTs are always enabled, this if statement was a noop.

This does not enable Expect-Staple for QUIC. See
https://crbug.com/631101

BUG=598021

Committed: https://crrev.com/d476e65cb521b5da146dbdd51bde4fafdaa37468
Cr-Commit-Position: refs/heads/master@{#407921}
==========

[commit-bot: I haz the power, 2016-07-26 21:35:24]

Patchset 2 (id:??) landed as
https://crrev.com/d476e65cb521b5da146dbdd51bde4fafdaa37468
Cr-Commit-Position: refs/heads/master@{#407921}