Use network time for bad clock interstitial.

chrome/browser/ssl/ssl_error_handler.cc

Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index 4e0a84bfa43deac3a4b5778737ba413f563e50ea..4606f2a6c747e3f01e3b5c86a59916bcb15d51c3 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -14,6 +14,7 @@
 #include "base/strings/stringprintf.h"
 #include "base/time/clock.h"
 #include "base/time/time.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ssl/bad_clock_blocking_page.h"
 #include "chrome/browser/ssl/ssl_blocking_page.h"
@@ -33,6 +34,10 @@
 #include "chrome/browser/ssl/captive_portal_blocking_page.h"
 #endif
 
+namespace network_time {
+class NetworkTimeTracker;
+}
+
 namespace {
 
 // The delay in milliseconds before displaying the SSL interstitial.
@@ -141,8 +146,14 @@ bool IsErrorDueToBadClock(const base::Time& now, int error) {
       ssl_errors::ErrorInfo::CERT_DATE_INVALID) {
     return false;
   }
-  return ssl_errors::IsUserClockInThePast(now) ||
-         ssl_errors::IsUserClockInTheFuture(now);
+  switch (ssl_errors::GetClockState(
+      now, g_browser_process->network_time_tracker())) {
+    case ssl_errors::CLOCK_STATE_FUTURE:

[felt, 2016/03/11 23:23:45]

can you add a comment to say that this intentionally falls through? switch
statements that fall through give me a little bit of anxiety

[mab, 2016/03/11 23:34:20]

I'll just make it return.

+    case ssl_errors::CLOCK_STATE_PAST:
+      return true;
+    default:
+      return false;
+  }
 }
 
 }  // namespace