Index: net/socket/ssl_client_socket_impl.cc |
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc |
index 9bbc41d8f0c4b869120d59839ebbe4f608f16dc4..8175f521fa9fa6681ea0aa25be95977148d91a3f 100644 |
--- a/net/socket/ssl_client_socket_impl.cc |
+++ b/net/socket/ssl_client_socket_impl.cc |
@@ -1571,13 +1571,13 @@ int SSLClientSocketImpl::VerifyCT() { |
server_cert_verify_result_.verified_cert.get(), verified_scts, |
net_log_); |
- if (ct_verify_result_.cert_policy_compliance != |
- ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && |
- ct_verify_result_.cert_policy_compliance != |
- ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && |
- transport_security_state_->ShouldRequireCT( |
- host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), |
- server_cert_verify_result_.public_key_hashes)) { |
+ if (!transport_security_state_->CheckCTRequirements( |
+ host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
+ server_cert_verify_result_.public_key_hashes, |
+ server_cert_verify_result_.verified_cert.get(), server_cert_.get(), |
+ ct_verify_result_.scts, |
+ TransportSecurityState::ENABLE_EXPECT_CT_REPORTS, |
+ ct_verify_result_.cert_policy_compliance)) { |
server_cert_verify_result_.cert_status |= |
CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |