Index: net/socket/ssl_client_socket_nss.cc |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
index 92af627b7f871e3edc19ae201c9da6919fc0a5ee..02dc039e6c18f5a6f736c2fb50c62574019b2c06 100644 |
--- a/net/socket/ssl_client_socket_nss.cc |
+++ b/net/socket/ssl_client_socket_nss.cc |
@@ -93,6 +93,7 @@ |
#include "net/cert/asn1_util.h" |
#include "net/cert/cert_status_flags.h" |
#include "net/cert/cert_verifier.h" |
+#include "net/cert/ct_ev_whitelist.h" |
#include "net/cert/ct_objects_extractor.h" |
#include "net/cert/ct_verifier.h" |
#include "net/cert/ct_verify_result.h" |
@@ -3442,6 +3443,17 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
} |
+ if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
+ // fingerprint certificate |
wtc
2014/08/20 19:04:22
Nit: this comment can be omitted because it merely
Eran Messeri
2014/09/02 12:20:23
Done.
|
+ const SHA256HashValue fingerprint(X509Certificate::CalculateFingerprint256( |
+ server_cert_verify_result_.verified_cert->os_cert_handle())); |
+ |
+ UMA_HISTOGRAM_BOOLEAN( |
+ "Net.SSL_EVCertificateInWhitelist", |
+ ct::IsCertificateHashInWhitelist( |
+ std::string(reinterpret_cast<const char*>(fingerprint.data), 8))); |
+ } |
+ |
if (result == OK) { |
// Only check Certificate Transparency if there were no other errors with |
// the connection. |