Add --ignore-certificate-errors-spki-list switch and UMA histogram.

chrome/common/chrome_switches.cc

Index: chrome/common/chrome_switches.cc
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 32cad7c109aa537bd4ff876282388c31d8d45987..26c0226b936234f75bac86fba88d1eea5c1f9c63 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -536,6 +536,19 @@ const char kHostResolverRetryAttempts[]     = "host-resolver-retry-attempts";
 // proxy connection, and the endpoint host in a SOCKS proxy connection).
 const char kHostRules[]                     = "host-rules";
 
+// A set of public key hashes for which to ignore certificate-related errors.
+//
+// If the certificate chain presented by the server does not validate, and one
+// or more certificates have public key hashes that match a key from this list,
+// the error is ignored.
+//
+// The switch value must a be a comma-separated list of Base64-encoded SHA-256
+// SPKI Fingerprints (RFC 7469, Section 2.4).
+//
+// This switch has no effect unless --user-data-dir is also present.
+const char kIgnoreCertificateErrorsSPKIList[] =
+    "ignore-certificate-errors-spki-list";
+
 // Causes net::URLFetchers to ignore requests for SSL client certificates,
 // causing them to attempt an unauthenticated SSL/TLS session. This is intended
 // for use when testing various service URLs (eg: kPromoServerURL, kSbURLPrefix,