Index: net/spdy/chromium/spdy_session.cc |
diff --git a/net/spdy/chromium/spdy_session.cc b/net/spdy/chromium/spdy_session.cc |
index 96768b6f0f16127e30ca6ea034a24303eb215352..09829f6050414f6fb97fe2323167104b26ff5efa 100644 |
--- a/net/spdy/chromium/spdy_session.cc |
+++ b/net/spdy/chromium/spdy_session.cc |
@@ -711,12 +711,14 @@ bool SpdySession::CanPool(TransportSecurityState* transport_security_state, |
return false; |
} |
- if (ssl_info.ct_cert_policy_compliance != |
- ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && |
- ssl_info.ct_cert_policy_compliance != |
- ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && |
- transport_security_state->ShouldRequireCT( |
- new_hostname, ssl_info.cert.get(), ssl_info.public_key_hashes)) { |
+ // As with CheckPublicKeyPins above, disable Expect-CT reports. |
+ if (!transport_security_state->CheckCTRequirements( |
+ HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, |
+ ssl_info.public_key_hashes, ssl_info.cert.get(), |
+ ssl_info.unverified_cert.get(), |
+ ssl_info.signed_certificate_timestamps, |
+ TransportSecurityState::DISABLE_EXPECT_CT_REPORTS, |
+ ssl_info.ct_cert_policy_compliance)) { |
return false; |
} |