Mark active mixed content even if there is a certificate error

Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
Committed: https://crrev.com/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c
Cr-Commit-Position: refs/heads/master@{#410524}

[estark, 2016-08-06 17:39:58]

The CQ bit was checked by estark@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-06 17:40:06]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-06 18:44:32]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-06 18:44:33]

Dry run: This issue passed the CQ dry run.

[estark, 2016-08-07 00:13:35]

Description was changed from

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
would active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
==========

to

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
==========

[estark, 2016-08-08 05:19:50]

estark@chromium.org changed reviewers:
+ felt@chromium.org

[estark, 2016-08-08 05:19:51]

felt, another for you to look at when you have a chance. (These SSLPolicy
cleanups are not at all urgent.)

[felt, 2016-08-08 22:37:37]

nice cleanup. lgtm

[estark, 2016-08-08 22:45:53]

The CQ bit was checked by estark@chromium.org

[commit-bot: I haz the power, 2016-08-08 22:46:22]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-08 23:03:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-08 23:03:54]

Try jobs failed on following builders:
  cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
  linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux
(JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[estark, 2016-08-08 23:11:57]

The CQ bit was checked by estark@chromium.org

[commit-bot: I haz the power, 2016-08-08 23:12:33]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-08 23:23:57]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-08 23:23:58]

Try jobs failed on following builders:
  linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[estark, 2016-08-08 23:57:21]

Fixed some failing browser tests. These started failing now (didn't fail on my
dry run) because https://codereview.chromium.org/2191113002 landed, which
temporarily exacerbates the problem of broken-HTTPS subresources getting treated
exactly the same as mixed content. That's something I plan to fix in
crbug.com/634171; https://codereview.chromium.org/2226523002/ is almost ready to
mail for it.

[estark, 2016-08-08 23:57:35]

The CQ bit was checked by estark@chromium.org

[estark, 2016-08-08 23:57:35]

The patchset sent to the CQ was uploaded after l-g-t-m from felt@chromium.org
Link to the patchset: https://codereview.chromium.org/2224693002/#ps40001
(title: "Fix browser tests")

[commit-bot: I haz the power, 2016-08-08 23:58:00]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-09 02:17:44]

Description was changed from

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
==========

to

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
==========

[commit-bot: I haz the power, 2016-08-09 02:17:45]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-08-09 02:20:32]

Description was changed from

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950
==========

to

==========
Mark active mixed content even if there is a certificate error

Previously, SSLPolicy did not mark a navigation entry with
RAN_INSECURE_CONTENT if the entry had already been downgraded to a
broken state (from a certificate error, for example). I'm not sure why
this was -- maybe just an optimization. However, it was incorrect, as
manifested in the DevTools security panel, where a broken-HTTPS page
with active mixed content would show up as a certificate error but all
resources served securely. (See bug for a screenshot.)

BUG=593950

Committed: https://crrev.com/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c
Cr-Commit-Position: refs/heads/master@{#410524}
==========

[commit-bot: I haz the power, 2016-08-09 02:20:32]

Patchset 3 (id:??) landed as
https://crrev.com/6b45bc6f0ae42a9bf00ff559b6ae21056e5f4e0c
Cr-Commit-Position: refs/heads/master@{#410524}