Update SSL error handling code to account for Subject CN deprecation

components/ssl_errors/error_classification.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 92 matching lines @@
 // fields.
 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
                                         const net::X509Certificate& cert);
 
 // Returns true if the hostname in |request_url_| has the same domain
 // (effective TLD + 1 label) as at least one of the subject
 // alternative names in |cert_|.
 bool IsCertLikelyFromSameDomain(const GURL& request_url,
                                 const net::X509Certificate& cert);
 
-// Returns true if the site's hostname differs from one of the DNS
-// names in the certificate (CN or SANs) only by the presence or
-// absence of the single-label prefix "www". E.g.: (The first domain
-// is hostname and the second domain is a DNS name in the certificate)
+// Returns true if the site's hostname differs from one of the DNS names in the
+// certificate (SANs) only by the presence or absence of the single-label prefix
+// "www". E.g.: (The first domain is the url's hostname and the second domain is
+// a DNS name in the certificate):
 //     www.example.com ~ example.com -> true
 //     example.com ~ www.example.com -> true
 //     www.food.example.com ~ example.com -> false
 //     mail.example.com ~ example.com -> false
+bool IsWWWSubDomainMatch(const GURL& request_url,

[estark, 2017/04/03 02:01:42]

Does this need to live in the public interface? Looks like it's only used by
unit tests, in which case we could instead unit test the interface we already
have, i.e. test that RecordUMAStatistics does not record WWW_SUBDOMAIN_MATCH
when there's no SubjectAltName. That would involve moving SSLInterstitialCause
into the public header to unit test the histogram, but IMO that's a better
change because it would allow us to write more unit tests in future for
RecordUMAStatistics, which we really should have.

[elawrence, 2017/04/04 15:52:28]

Done.

+                         const net::X509Certificate& cert);
+
+// Returns true if the site's hostname differs from one of the DNS names in
+// |dns_names| only by the presence or absence of the single-label prefix "www".
+// The matching name from the certificate is returned in |www_match_host_name|.
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);
 
 // Method for recording results. -----------------------------------------------
 
 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
                          const GURL& request_url,
                          int cert_error,
@@ skipping 34 matching lines @@
 // appspot.com.
 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
                        const HostnameTokens& parent);
 
 // Exposed for teshting.
 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);
 
 }  // namespace ssl_errors
 
 #endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_