net: make HSTS hosts use the normal SSL interstitials

net/url_request/url_request.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 #pragma once
 
 #include <map>
 #include <string>
@@ skipping 65 matching lines @@
 class BlobURLRequestJobTest;
 }
 
 namespace net {
 
 class CookieList;
 class CookieOptions;
 class HostPortPair;
 class IOBuffer;
 class SSLCertRequestInfo;
+class SSLInfo;
 class UploadData;
 class URLRequestContext;
 class URLRequestJob;
 class X509Certificate;
 
 // This stores the values of the Set-Cookie headers received during the request.
 // Each item in the vector corresponds to a Set-Cookie: line received,
 // excluding the "Set-Cookie:" part.
 typedef std::vector<std::string> ResponseCookies;
 
@@ skipping 163 matching lines @@
     virtual void OnCertificateRequested(
         URLRequest* request,
         SSLCertRequestInfo* cert_request_info);
 
     // Called when using SSL and the server responds with a certificate with
     // an error, for example, whose common name does not match the common name
     // we were expecting for that host.  The delegate should either do the
     // safe thing and Cancel() the request or decide to proceed by calling
     // ContinueDespiteLastError().  cert_error is a ERR_* error code
     // indicating what's wrong with the certificate.
+    // If |must_be_fatal| is true then the host in question is an HSTS host
+    // which demands a higher level of security. In this case, errors must not
+    // be bypassable by the user.
     virtual void OnSSLCertificateError(URLRequest* request,
                                        int cert_error,
-                                       X509Certificate* cert);
+                                       const SSLInfo& ssl_info,
+                                       bool must_be_fatal);

[wtc, 2011/09/23 00:04:51]

The cert_error argument should be removed because it can
be derived from ssl_info.cert_status by calling
net::MapCertStatusToNetError(ssl_info.cert_status).

 
     // Called when reading cookies to allow the delegate to block access to the
     // cookie. This method will never be invoked when LOAD_DO_NOT_SEND_COOKIES
     // is specified.
     virtual bool CanGetCookies(const URLRequest* request,
                                const CookieList& cookie_list) const;
 
     // Called when a cookie is set to allow the delegate to block access to the
     // cookie. This method will never be invoked when LOAD_DO_NOT_SAVE_COOKIES
     // is specified.
@@ skipping 424 matching lines @@
   // occurs.
   void NotifyResponseStarted();
 
   bool has_delegate() const { return delegate_ != NULL; }
 
   // These functions delegate to |delegate_| and may only be used if
   // |delegate_| is not NULL. See URLRequest::Delegate for the meaning
   // of these functions.
   void NotifyAuthRequired(AuthChallengeInfo* auth_info);
   void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info);
-  void NotifySSLCertificateError(int cert_error, X509Certificate* cert);
+  void NotifySSLCertificateError(int cert_error,
+                                 const SSLInfo& ssl_info,
+                                 bool must_be_fatal);
   bool CanGetCookies(const CookieList& cookie_list) const;
   bool CanSetCookie(const std::string& cookie_line,
                     CookieOptions* options) const;
   void NotifyReadCompleted(int bytes_read);
 
   // Called when the delegate blocks or unblocks this request when intercepting
   // certain requests.
   void SetBlockedOnDelegate();
   void SetUnblockedOnDelegate();
 
@@ skipping 75 matching lines @@
   // messages to network delegate.
   // TODO(battre): Remove this. http://crbug.com/89049
   bool has_notified_completion_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 }  // namespace net
 
 #endif  // NET_URL_REQUEST_URL_REQUEST_H_