| Index: net/http/transport_security_state.cc
|
| diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
|
| index 9b42febf5f177481b33b5406d88215da1e24b325..ce16cca9a1517baf1e3dab049ba4f3a8a924acd6 100644
|
| --- a/net/http/transport_security_state.cc
|
| +++ b/net/http/transport_security_state.cc
|
| @@ -645,6 +645,10 @@ bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) {
|
| std::string SerializeExpectStapleResponseStatus(
|
| OCSPVerifyResult::ResponseStatus status) {
|
| switch (status) {
|
| + case OCSPVerifyResult::NOT_CHECKED:
|
| + // Reports shouldn't be sent for this response status.
|
| + NOTREACHED();
|
| + return "NOT_CHECKED";
|
| case OCSPVerifyResult::MISSING:
|
| return "MISSING";
|
| case OCSPVerifyResult::PROVIDED:
|
| @@ -662,6 +666,7 @@ std::string SerializeExpectStapleResponseStatus(
|
| case OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR:
|
| return "PARSE_RESPONSE_DATA_ERROR";
|
| }
|
| + NOTREACHED();
|
| return std::string();
|
| }
|
|
|
| @@ -803,7 +808,11 @@ void TransportSecurityState::CheckExpectStaple(
|
| if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state))
|
| return;
|
|
|
| - // No report needed if a stapled OCSP response was provided.
|
| + // No report needed if OCSP details were not checked on this connection.
|
| + if (ssl_info.ocsp_result.response_status == OCSPVerifyResult::NOT_CHECKED)
|
| + return;
|
| +
|
| + // No report needed if a stapled OCSP response was provided and it was valid.
|
| if (ssl_info.ocsp_result.response_status == OCSPVerifyResult::PROVIDED &&
|
| ssl_info.ocsp_result.revocation_status == OCSPRevocationStatus::GOOD) {
|
| return;
|
|
|
Chromium Code Reviews
Issue 2587243002:
Do not do Expect-Staple when OCSPVerifyResult has not been populated (Closed)
