net: make HSTS hosts use the normal SSL interstitials

content/browser/ssl/ssl_cert_error_handler.h

Index: content/browser/ssl/ssl_cert_error_handler.h
diff --git a/content/browser/ssl/ssl_cert_error_handler.h b/content/browser/ssl/ssl_cert_error_handler.h
index 6dcbe0ffe41ca3a27532e6ba4b98b0b2ebfcfed8..138d56b7e385580a75c88fe890e4a0008b6a3135 100644
--- a/content/browser/ssl/ssl_cert_error_handler.h
+++ b/content/browser/ssl/ssl_cert_error_handler.h
@@ -25,13 +25,15 @@ class SSLCertErrorHandler : public SSLErrorHandler {
                       net::URLRequest* request,
                       ResourceType::Type resource_type,
                       int cert_error,
-                      net::X509Certificate* cert);
+                      const net::SSLInfo& ssl_info,
+                      bool must_be_fatal);
 
   virtual SSLCertErrorHandler* AsSSLCertErrorHandler();
 
   // These accessors are available on either thread
   const net::SSLInfo& ssl_info() const { return ssl_info_; }
   int cert_error() const { return cert_error_; }
+  bool must_be_fatal() const { return must_be_fatal_; }
 
  protected:
   // SSLErrorHandler methods
@@ -42,8 +44,9 @@ class SSLCertErrorHandler : public SSLErrorHandler {
   virtual ~SSLCertErrorHandler();
 
   // These read-only members may be accessed on any thread.
-  net::SSLInfo ssl_info_;
+  const net::SSLInfo ssl_info_;
   const int cert_error_;  // The error we represent.
+  const bool must_be_fatal_;  // true if the error is from an HSTS host.

[wtc, 2011/09/23 00:04:51]

To be precise, this should also say "and the error is not
"ERR_CERT_UNABLE_TO_CHECK_REVOCATION".

 
   DISALLOW_COPY_AND_ASSIGN(SSLCertErrorHandler);
 };