Oops, my suggested fix made no sense. I was trying to suggest that we send a report even if result != OK, so that we send a report when we try to verify the certificate and have populated |ocsp_result| (i.e. when we first hit the certificate error, before the user bypasses it). When the user is bypassing the error, we still need a way to tell that |ocsp_result| has not been populated so that we don't send a report in that case.

Should we send reports at all if there's a certificate error (including bypassed ones)?

I think we should. If an OCSP response is missing on a connection, I'd imagine a site owner would want to know about it even if there was also a certificate error.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/13e0b315a37468b305d5504caab8f3dd3691f3ba

commit 13e0b315a37468b305d5504caab8f3dd3691f3ba
Author: estark <estark@chromium.org>
Date: Thu Dec 22 23:52:32 2016

Do not do Expect-Staple when OCSPVerifyResult has not been populated

The OCSPVerifyResult is not always populated on a connection, for example
when a certificate error has been bypassed. This CL adds a new response
status that allows us to distinguish whether or not OCSP details have been
checked on the connection, and we no longer send reports when they haven't
been checked.

This CL also adds a test that reports are not sent when there is a
certificate error, as is the case when first encountering a cert error,
before it has been bypassed.

BUG= 654127 

Review-Url: https://codereview.chromium.org/2587243002
Cr-Commit-Position: refs/heads/master@{#440547}

[modify] https://crrev.com/13e0b315a37468b305d5504caab8f3dd3691f3ba/net/cert/ocsp_verify_result.h
[modify] https://crrev.com/13e0b315a37468b305d5504caab8f3dd3691f3ba/net/http/transport_security_state.cc
[modify] https://crrev.com/13e0b315a37468b305d5504caab8f3dd3691f3ba/net/url_request/url_request_unittest.cc