Track subresources with cert errors separately from mixed content

content/browser/ssl/ssl_policy.cc

Index: content/browser/ssl/ssl_policy.cc
diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc
index b962c5939cf345cee89f9ffb473d90cb646586b6..bead9c5a95a14374a90cf1ea927d4fbb1cfcb5cf 100644
--- a/content/browser/ssl/ssl_policy.cc
+++ b/content/browser/ssl/ssl_policy.cc
@@ -117,6 +117,19 @@ void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry,
                                    site_instance->GetProcess()->GetID());
 }
 
+void SSLPolicy::DidRunContentWithCertErrors(NavigationEntryImpl* entry,
+                                            const GURL& security_origin) {
+  if (!entry)
+    return;
+
+  SiteInstance* site_instance = entry->site_instance();
+  if (!site_instance)
+    return;
+
+  backend_->HostRanContentWithCertErrors(security_origin.host(),
+                                         site_instance->GetProcess()->GetID());
+}
+
 void SSLPolicy::OnRequestStarted(const GURL& url,
                                  int cert_id,
                                  net::CertStatus cert_status) {
@@ -156,6 +169,14 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
   if (web_contents->DisplayedInsecureContent())
     entry->GetSSL().content_status |= SSLStatus::DISPLAYED_INSECURE_CONTENT;
 
+  if (!web_contents->DisplayedContentWithCertErrors())
+    entry->GetSSL().content_status &=
+        ~SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS;
+
+  if (web_contents->DisplayedContentWithCertErrors())
+    entry->GetSSL().content_status |=
+        SSLStatus::DISPLAYED_CONTENT_WITH_CERT_ERRORS;
+
   if (entry->GetSSL().security_style == SECURITY_STYLE_AUTHENTICATION_BROKEN)
     return;
 
@@ -169,7 +190,12 @@ void SSLPolicy::UpdateEntry(NavigationEntryImpl* entry,
     entry->GetSSL().security_style =
         SECURITY_STYLE_AUTHENTICATION_BROKEN;
     entry->GetSSL().content_status |= SSLStatus::RAN_INSECURE_CONTENT;
-    return;
+  }
+  if (site_instance &&
+      backend_->DidHostRunContentWithCertErrors(
+          entry->GetURL().host(), site_instance->GetProcess()->GetID())) {
+    entry->GetSSL().security_style = SECURITY_STYLE_AUTHENTICATION_BROKEN;
+    entry->GetSSL().content_status |= SSLStatus::RAN_CONTENT_WITH_CERT_ERRORS;
   }
 }