Display when PKP is bypassed in devtools

chrome/browser/ssl/chrome_security_state_model_client.cc

Index: chrome/browser/ssl/chrome_security_state_model_client.cc
diff --git a/chrome/browser/ssl/chrome_security_state_model_client.cc b/chrome/browser/ssl/chrome_security_state_model_client.cc
index 0c54067f1d04f059257f457dd79687571ecc5e92..6f242a44db8042df8ef6383c673a313d20dbe810 100644
--- a/chrome/browser/ssl/chrome_security_state_model_client.cc
+++ b/chrome/browser/ssl/chrome_security_state_model_client.cc
@@ -114,7 +114,6 @@ content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
   if (!security_info.scheme_is_cryptographic) {
     return security_style;
   }
-  security_style_explanations->pkp_bypassed = security_info.pkp_bypassed;
 
   if (security_info.sha1_deprecation_status ==
       SecurityStateModel::DEPRECATED_SHA1_MAJOR) {
@@ -181,6 +180,14 @@ content::SecurityStyle ChromeSecurityStateModelClient::GetSecurityStyle(
                 IDS_SECURE_PROTOCOL_AND_CIPHERSUITE_DESCRIPTION)));
   }
 
+  security_style_explanations->pkp_bypassed = security_info.pkp_bypassed;
+  if (security_info.pkp_bypassed) {
+    security_style_explanations->info_explanations.push_back(
+        content::SecurityStyleExplanation(
+            "Public-Key Pinning Bypassed",
+            "Public-key pinning was bypassed by a local root certificate."));
+  }
+
   return security_style;
 }