Add a DevTools warning for a missing subjectAltName

components/security_state/content/content_utils.cc

Index: components/security_state/content/content_utils.cc
diff --git a/components/security_state/content/content_utils.cc b/components/security_state/content/content_utils.cc
index ae007c335a78b8fc897250b621a3f22da0937e43..4e60465d8ca60aba66a9793bbf634a60444164ac 100644
--- a/components/security_state/content/content_utils.cc
+++ b/components/security_state/content/content_utils.cc
@@ -226,6 +226,14 @@ blink::WebSecurityStyle GetSecurityStyle(
             !!security_info.certificate));
   }
 
+  if (security_info.cert_missing_subject_alt_name) {
+    security_style_explanations->unauthenticated_explanations.push_back(

[estark, 2017/03/21 23:33:03]

I think this probably should be |broken_explanations|, at least in the case
where IsCertStatusError is true.

Apologies that these fields are poorly named/documented, and not particularly
well-differentiated in the UI right now, but |unauthenticated_explanations| is
supposed to be "This is why your page got downgraded to the (i) icon" and
|broken_explanations| is supposed to be "This is why your page has the red
Dangerous triangle."

(filed crbug.com/703882 to clean up the field names/comments)

[Ryan Sleevi, 2017/03/22 00:10:47]

I left it as broken for all cases, does that work? If only because it's the
"thing that will break soon" (but we don't presently degrade the lock icon in
the case of enterprise policy)

[estark, 2017/03/22 00:16:21]

Yeah, that's fine by me, thanks.

+        content::SecurityStyleExplanation(
+            l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING),
+            l10n_util::GetStringUTF8(IDS_SUBJECT_ALT_NAME_MISSING_DESCRIPTION),
+            !!security_info.certificate));
+  }
+
   // Record the presence of mixed content (HTTP subresources on an HTTPS
   // page).
   security_style_explanations->ran_mixed_content =