Show these three cert errors as warnings, not errors (as requested by Ian):...

chrome/browser/page_info_model.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/page_info_model.h"
 
 #include <string>
 
 #include "app/l10n_util.h"
 #include "base/command_line.h"
@@ skipping 24 matching lines @@
   scoped_refptr<net::X509Certificate> cert;
 
   // Identity section.
   string16 subject_name(UTF8ToUTF16(url.host()));
   bool empty_subject_name = false;
   if (subject_name.empty()) {
     subject_name.assign(
         l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
     empty_subject_name = true;
   }
+
+  // Some of what IsCertStatusError classifies as errors we want to show as
+  // warnings instead.
+  static const int cert_warnings =
+      net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
+      net::CERT_STATUS_NO_REVOCATION_MECHANISM;
+  int status_with_warnings_removed = ssl.cert_status() & ~cert_warnings;
+
   if (ssl.cert_id() &&
       CertStore::GetSharedInstance()->RetrieveCert(ssl.cert_id(), &cert) &&
-      !net::IsCertStatusError(ssl.cert_status())) {
-    // OK HTTPS page.
-    if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) != 0) {
+      !net::IsCertStatusError(status_with_warnings_removed)) {
+    // No error found so far, check cert_status warnings.
+    int cert_status = ssl.cert_status();
+    if (cert_status & cert_warnings) {
+      string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
+      if (issuer_name.empty()) {
+        issuer_name.assign(l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+      }
+      description.assign(l10n_util::GetStringFUTF16(
+          IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
+
+      description += ASCIIToUTF16("\n\n");
+      if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {
+        description += l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);
+      } else if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) {

[wtc, 2010/09/14 22:31:56]

Strictly speaking, we should not use "else if" here, because
the two CERT_STATUS_ bits can be set at the same time.

In practice, Chrome never sets the
CERT_STATUS_NO_REVOCATION_MECHANISM bit, so the code here will
work.

Another way to look at it is that if both bits are set,
we will only report the CERT_STATUS_UNABLE_TO_CHECK_REVOCATION bit,
and that's a reasonable thing to do.

+        description += l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);
+      } else {
+        NOTREACHED() << "Need to specify string for this warning";
+      }
+      state = SECTION_STATE_WARNING_MINOR;
+    } else if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) != 0) {
+      // EV HTTPS page.
       DCHECK(!cert->subject().organization_names.empty());
       headline =
           l10n_util::GetStringFUTF16(IDS_PAGE_INFO_EV_IDENTITY_TITLE,
               UTF8ToUTF16(cert->subject().organization_names[0]),
               UTF8ToUTF16(url.host()));
       // An EV Cert is required to have a city (localityName) and country but
       // state is "if any".
       DCHECK(!cert->subject().locality_name.empty());
       DCHECK(!cert->subject().country_name.empty());
       string16 locality;
       if (!cert->subject().state_or_province_name.empty()) {
         locality = l10n_util::GetStringFUTF16(
             IDS_PAGEINFO_ADDRESS,
             UTF8ToUTF16(cert->subject().locality_name),
             UTF8ToUTF16(cert->subject().state_or_province_name),
             UTF8ToUTF16(cert->subject().country_name));
       } else {
         locality = l10n_util::GetStringFUTF16(
             IDS_PAGEINFO_PARTIAL_ADDRESS,
             UTF8ToUTF16(cert->subject().locality_name),
             UTF8ToUTF16(cert->subject().country_name));
       }
       DCHECK(!cert->subject().organization_names.empty());
       description.assign(l10n_util::GetStringFUTF16(
           IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV,
           UTF8ToUTF16(cert->subject().organization_names[0]),
           locality,
           UTF8ToUTF16(cert->issuer().GetDisplayName())));
     } else {
-      // Non EV OK HTTPS.
+      // Non-EV OK HTTPS page.
       if (empty_subject_name)
         headline.clear();  // Don't display any title.
       else
         headline.assign(subject_name);
       string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
       if (issuer_name.empty()) {
         issuer_name.assign(l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
-      } else {
-        description.assign(l10n_util::GetStringFUTF16(
-            IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
       }
+      description.assign(l10n_util::GetStringFUTF16(
+          IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
     }
   } else {
-    // HTTP or bad HTTPS.
+    // HTTP or HTTPS with errors (not warnings).
     description.assign(l10n_util::GetStringUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY));
     state = ssl.security_style() == SECURITY_STYLE_UNAUTHENTICATED ?
         SECTION_STATE_WARNING_MAJOR : SECTION_STATE_ERROR;
   }
   sections_.push_back(SectionInfo(
       state,
       l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_IDENTITY_TITLE),
       headline,
       description,
@@ skipping 168 matching lines @@
   observer_->ModelChanged();
 }
 
 // static
 void PageInfoModel::RegisterPrefs(PrefService* prefs) {
   prefs->RegisterDictionaryPref(prefs::kPageInfoWindowPlacement);
 }
 
 PageInfoModel::PageInfoModel() {
 }