Add UMA entry for intranet SSL warnings

net/cert/cert_verify_proc.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_VERIFY_PROC_H_
 #define NET_CERT_CERT_VERIFY_PROC_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 48 matching lines @@
              int flags,
              CRLSet* crl_set,
              const CertificateList& additional_trust_anchors,
              CertVerifyResult* verify_result);
 
   // Returns true if the implementation supports passing additional trust
   // anchors to the Verify() call. The |additional_trust_anchors| parameter
   // passed to Verify() is ignored when this returns false.
   virtual bool SupportsAdditionalTrustAnchors() const = 0;
 
+  // Returns true if |hostname| contains a name that is non-unique among
+  // certificates (eg: an "internal server name").
+  //
+  // While such names are not scheduled to be deprecated until 1 November 2015
+  // according to the CA/Browser Forum Baseline Requirements (v1.1), they
+  // represent a real risk for the deployment of new gTLDs, and thus being
+  // phased out ahead of the hard deadline.
+  // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address
+  // ranges.
+  static bool IsHostnameNonUnique(const std::string& hostname);

[Ryan Sleevi, 2013/08/01 19:03:55]

I don't know what happened, but my original comment was lost and I missed it.

I suggest that this be moved from CVP into net_util. CVP is more of an
implementation of net/. It also fits more in net_util, since that's where the
existing IP address functionality (localhost, reserved, cidr mapping) lives, and
this will logically fit with http://crbug.com/119212

[felt, 2013/08/01 20:32:22]

Done, moved it over.

+
  protected:
   CertVerifyProc();
   virtual ~CertVerifyProc();
 
  private:
   friend class base::RefCountedThreadSafe<CertVerifyProc>;
   friend class CertVerifyProcNonUniqueNameTest;
   FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
 
   // Performs the actual verification using the desired underlying
   // cryptographic library.
   virtual int VerifyInternal(X509Certificate* cert,
                              const std::string& hostname,
                              int flags,
                              CRLSet* crl_set,
                              const CertificateList& additional_trust_anchors,
                              CertVerifyResult* verify_result) = 0;
 
   // Returns true if |cert| is explicitly blacklisted.
   static bool IsBlacklisted(X509Certificate* cert);
 
   // IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which
   // are hashes of SubjectPublicKeyInfo structures) is explicitly blocked.
   static bool IsPublicKeyBlacklisted(const HashValueVector& public_key_hashes);
 
-  // Returns true if |hostname| contains a name that is non-unique among
-  // certificates (eg: an "internal server name").
-  //
-  // While such names are not scheduled to be deprecated until 1 November 2015
-  // according to the CA/Browser Forum Baseline Requirements (v1.1), they
-  // represent a real risk for the deployment of new gTLDs, and thus being
-  // phased out ahead of the hard deadline.
-  // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address
-  // ranges.
-  static bool IsHostnameNonUnique(const std::string& hostname);
-
   DISALLOW_COPY_AND_ASSIGN(CertVerifyProc);
 };
 
 }  // namespace net
 
 #endif  // NET_CERT_CERT_VERIFY_PROC_H_