Update SSL error handling code to account for Subject CN deprecation

components/ssl_errors/error_classification.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 #define COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_
 
 #include <string>
 #include <vector>
 
@@ skipping 10 matching lines @@
 namespace network_time {
 class NetworkTimeTracker;
 }
 
 namespace ssl_errors {
 
 typedef std::vector<std::string> HostnameTokens;
 
 // Methods for identifying specific error causes. ------------------------------
 
+// Events for UMA. Do not reorder or change!
+enum SSLInterstitialCause {
+  CLOCK_PAST,
+  CLOCK_FUTURE,
+  WWW_SUBDOMAIN_MATCH,         // Deprecated
+  SUBDOMAIN_MATCH,             // Deprecated
+  SUBDOMAIN_INVERSE_MATCH,     // Deprecated
+  SUBDOMAIN_OUTSIDE_WILDCARD,  // Deprecated
+  HOST_NAME_NOT_KNOWN_TLD,
+  LIKELY_MULTI_TENANT_HOSTING,  // Deprecated
+  LOCALHOST,
+  PRIVATE_URL,
+  AUTHORITY_ERROR_CAPTIVE_PORTAL,  // Deprecated in M47.
+  SELF_SIGNED,
+  EXPIRED_RECENTLY,
+  LIKELY_SAME_DOMAIN,  // Deprecated
+  // In Chrome 58, SubjectCN matching was deprecated, deprecating original
+  // metrics to be replaced with the 2-suffixed variants below.
+  NO_SUBJECT_ALT_NAMES,
+  WWW_SUBDOMAIN_MATCH2,
+  SUBDOMAIN_MATCH2,
+  SUBDOMAIN_INVERSE_MATCH2,
+  SUBDOMAIN_OUTSIDE_WILDCARD2,
+  LIKELY_MULTI_TENANT_HOSTING2,
+  LIKELY_SAME_DOMAIN2,
+  UNUSED_INTERSTITIAL_CAUSE_ENTRY,
+};
+
 // What is known about the accuracy of system clock.  Do not change or
 // reorder; these values are used in an UMA histogram.
 enum ClockState {
   // Not known whether system clock is close enough.
   CLOCK_STATE_UNKNOWN,
 
   // System clock is "close enough", per network time.
   CLOCK_STATE_OK,
 
   // System clock is behind.
@@ skipping 62 matching lines @@
 // fields.
 bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
                                         const net::X509Certificate& cert);
 
 // Returns true if the hostname in |request_url_| has the same domain
 // (effective TLD + 1 label) as at least one of the subject
 // alternative names in |cert_|.
 bool IsCertLikelyFromSameDomain(const GURL& request_url,
                                 const net::X509Certificate& cert);
 
-// Returns true if the site's hostname differs from one of the DNS
-// names in the certificate (CN or SANs) only by the presence or
-// absence of the single-label prefix "www". E.g.: (The first domain
-// is hostname and the second domain is a DNS name in the certificate)
-//     www.example.com ~ example.com -> true
-//     example.com ~ www.example.com -> true
-//     www.food.example.com ~ example.com -> false
-//     mail.example.com ~ example.com -> false
+// Returns true if the site's hostname differs from one of the DNS names in
+// |dns_names| only by the presence or absence of the single-label prefix "www".
+// The matching name from the certificate is returned in |www_match_host_name|.
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);
 
 // Method for recording results. -----------------------------------------------
 
 void RecordUMAStatistics(bool overridable,
                          const base::Time& current_time,
                          const GURL& request_url,
                          int cert_error,
@@ skipping 34 matching lines @@
 // appspot.com.
 bool AnyNamesUnderName(const std::vector<HostnameTokens>& potential_children,
                        const HostnameTokens& parent);
 
 // Exposed for teshting.
 size_t GetLevenshteinDistance(const std::string& str1, const std::string& str2);
 
 }  // namespace ssl_errors
 
 #endif  // COMPONENTS_SSL_ERRORS_ERROR_CLASSIFICATION_H_