[ios] Do not show SSL interstitial if cert is absent or cannot be parsed

ios/web/web_state/ui/crw_web_controller.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/web/web_state/ui/crw_web_controller.h"
 
 #import <WebKit/WebKit.h>
 
 #import <objc/runtime.h>
 #include <stddef.h>
@@ skipping 1913 matching lines @@
       [self.nativeController setDelegate:self];
     }
   }
 }
 
 - (void)loadErrorInNativeView:(NSError*)error {
   [self removeWebViewAllowingCachedReconstruction:NO];
 
   const GURL currentUrl = [self currentNavigationURL];
 
-  error = web::NetErrorFromError(error);
+  if (web::IsWKWebViewSSLCertError(error)) {
+    // This could happen only if certificate is absent or could not be parsed.
+    error = web::NetErrorFromError(error, net::ERR_SSL_SERVER_CERT_BAD_FORMAT);
+#if defined(DEBUG)
+    net::SSLInfo info;
+    web::GetSSLInfoFromWKWebViewSSLCertError(error, &info);
+    CHECK(!error.cert);
+#endif
+  } else {
+    error = web::NetErrorFromError(error);
+  }
+
   BOOL isPost = [self isCurrentNavigationItemPOST];
   [self setNativeController:[_nativeProvider controllerForURL:currentUrl
                                                     withError:error
                                                        isPost:isPost]];
   [self loadNativeViewWithSuccess:NO];
 }
 
 // Load the current URL in a native controller, retrieved from the native
 // provider. Call |loadNativeViewWithSuccess:YES| to load the native controller.
 - (void)loadCurrentURLInNativeView {
@@ skipping 2530 matching lines @@
   CHECK(web::IsWKWebViewSSLCertError(error));
 
   net::SSLInfo info;
   web::GetSSLInfoFromWKWebViewSSLCertError(error, &info);
 
   // TODO(crbug.com/602298): Remove |status| variable, once |presentSSLError:|
   // callback is dropped.
   web::SSLStatus status;
   status.security_style = web::SECURITY_STYLE_AUTHENTICATION_BROKEN;
   status.cert_status = info.cert_status;
-  // |info.cert| can be null if certChain in NSError is empty or can not be
-  // parsed.
-  if (info.cert) {
-    status.cert_id = web::CertStore::GetInstance()->StoreCert(info.cert.get(),
-                                                              self.certGroupID);
+  if (!info.cert) {
+    // |info.cert| can be null if certChain in NSError is empty or can not be
+    // parsed, in this case do not ask delegate if error should be allowed, it
+    // should not be.
+    [self handleLoadError:error inMainFrame:YES];
+    return;
   }
 
+  status.cert_id = web::CertStore::GetInstance()->StoreCert(info.cert.get(),
+                                                            self.certGroupID);
+
   // Retrieve verification results from _certVerificationErrors cache to avoid
   // unnecessary recalculations. Verification results are cached for the leaf
   // cert, because the cert chain in |didReceiveAuthenticationChallenge:| is
   // the OS constructed chain, while |chain| is the chain from the server.
   NSArray* chain = error.userInfo[web::kNSErrorPeerCertificateChainKey];
   NSURL* requestURL = error.userInfo[web::kNSErrorFailingURLKey];
   NSString* host = [requestURL host];
   scoped_refptr<net::X509Certificate> leafCert;
   BOOL recoverable = NO;
   if (chain.count && host.length) {
@@ skipping 1104 matching lines @@
   }
 
   return web::WEB_VIEW_DOCUMENT_TYPE_GENERIC;
 }
 
 - (NSString*)refererFromNavigationAction:(WKNavigationAction*)action {
   return [action.request valueForHTTPHeaderField:@"Referer"];
 }
 
 @end