add setter for enable_pkp_bypass_etc

components/cronet/ios/test/cronet_pkp_test.mm

Index: components/cronet/ios/test/cronet_pkp_test.mm
diff --git a/components/cronet/ios/test/cronet_pkp_test.mm b/components/cronet/ios/test/cronet_pkp_test.mm
index 962a54ec18ecf486460998f7ce40613b299e7fcf..79a9706b2a6c8a537bf9be581e285576064f345c 100644
--- a/components/cronet/ios/test/cronet_pkp_test.mm
+++ b/components/cronet/ios/test/cronet_pkp_test.mm
@@ -78,6 +78,7 @@ class PkpTest : public CronetTestBase {
                             NSData* hash,
                             BOOL include_subdomains,
                             NSDate* expiration_date) {
+    [Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:NO];
     NSSet* hashes = [NSSet setWithObject:hash];
     NSError* error;
     BOOL success = [Cronet addPublicKeyPinsForHost:host
@@ -141,6 +142,21 @@ TEST_F(PkpTest, TestSuccessIfPinMatches) {
   ASSERT_NO_FATAL_FAILURE(sendRequestAndAssertResult(request_url_, kSuccess));
 }
 
+TEST_F(PkpTest, TestBypass) {
+  [Cronet setEnablePublicKeyPinningBypassForLocalTrustAnchors:YES];
+
+  NSSet* hashes = [NSSet setWithObject:NonMatchingHash()];
+  NSError* error;
+  BOOL success = [Cronet addPublicKeyPinsForHost:server_host_
+                                       pinHashes:hashes
+                               includeSubdomains:kExcludeSubdomains
+                                  expirationDate:(NSDate*)kDistantFuture
+                                           error:&error];
+
+  EXPECT_FALSE(success);
+  EXPECT_EQ([error code], CRNErrorUnsupportedConfig);
+}
+
 // Tests the case when the pin hash does not match and the client accesses the
 // subdomain of the configured PKP host with includeSubdomains flag set to true.
 // The client is expected to receive the error response.