Update SSL error handling code to account for Subject CN deprecation

chrome/browser/ssl/ssl_error_handler.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ssl/ssl_error_handler.h"
 
 #include <stdint.h>
 #include <unordered_set>
 #include <utility>
 
@@ skipping 551 matching lines @@
   if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) &&
       only_error_is_name_mismatch &&
       g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) {
     RecordUMA(CAPTIVE_PORTAL_CERT_FOUND);
     ShowCaptivePortalInterstitial(
         GURL(captive_portal::CaptivePortalDetector::kDefaultURL));
     return;
   }
 #endif
 
-  std::vector<std::string> dns_names;
-  ssl_info_.cert->GetDNSNames(&dns_names);
-  DCHECK(!dns_names.empty());
-  GURL suggested_url;
   if (IsSSLCommonNameMismatchHandlingEnabled() &&
       cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
-      delegate_->IsErrorOverridable() &&
-      delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
-    RecordUMA(WWW_MISMATCH_FOUND);
+      delegate_->IsErrorOverridable()) {
+    std::vector<std::string> dns_names;
+    ssl_info_.cert->GetSubjectAltName(&dns_names, nullptr);
+    GURL suggested_url;
+    if (!dns_names.empty() &&
+        delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
+      RecordUMA(WWW_MISMATCH_FOUND_IN_SAN);
 
-    // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
-    // the only error. Need not check for captive portal in this case.
-    // (See the comment below).
-    if (!only_error_is_name_mismatch) {
-      ShowSSLInterstitial();
+      // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
+      // the only error. Need not check for captive portal in this case.
+      // (See the comment below).
+      if (!only_error_is_name_mismatch) {
+        ShowSSLInterstitial();
+        return;
+      }
+      delegate_->CheckSuggestedUrl(
+          suggested_url,
+          base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
+                     weak_ptr_factory_.GetWeakPtr()));
+      timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
+                   &SSLErrorHandler::ShowSSLInterstitial);
+
+      if (g_config.Pointer()->timer_started_callback())
+        g_config.Pointer()->timer_started_callback()->Run(web_contents_);
+
+      // Do not check for a captive portal in this case, because a captive
+      // portal most likely cannot serve a valid certificate which passes the
+      // similarity check.
       return;
     }
-    delegate_->CheckSuggestedUrl(
-        suggested_url,
-        base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
-                   weak_ptr_factory_.GetWeakPtr()));
-    timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
-                 &SSLErrorHandler::ShowSSLInterstitial);
-
-    if (g_config.Pointer()->timer_started_callback())
-      g_config.Pointer()->timer_started_callback()->Run(web_contents_);
-
-    // Do not check for a captive portal in this case, because a captive
-    // portal most likely cannot serve a valid certificate which passes the
-    // similarity check.
-    return;
   }
 
   // Always listen to captive portal notifications, otherwise build fails
   // because profile_ isn't used. This is a no-op on platforms where
   // captive portal detection is disabled.
   registrar_.Add(this, chrome::NOTIFICATION_CAPTIVE_PORTAL_CHECK_RESULT,
                  content::Source<Profile>(profile_));
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
   CaptivePortalTabHelper* captive_portal_tab_helper =
@@ skipping 157 matching lines @@
   network_time::NetworkTimeTracker* tracker =
       g_config.Pointer()->network_time_tracker();
   ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker);
   if (clock_state == ssl_errors::CLOCK_STATE_FUTURE ||
       clock_state == ssl_errors::CLOCK_STATE_PAST) {
     ShowBadClockInterstitial(now, clock_state);
     return;  // |this| is deleted after showing the interstitial.
   }
   ShowSSLInterstitial();
 }