Update SSL error handling code to account for Subject CN deprecation

chrome/browser/ssl/ssl_error_handler.cc

Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index 316dfc7a87b874ad2ed2f45a32199a393157b789..33ab755ea1bf4a31067cd708cf74e45056c8e08f 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -569,37 +569,38 @@ void SSLErrorHandler::StartHandlingError() {
   }
 #endif
 
-  std::vector<std::string> dns_names;
-  ssl_info_.cert->GetDNSNames(&dns_names);
-  DCHECK(!dns_names.empty());
-  GURL suggested_url;
   if (IsSSLCommonNameMismatchHandlingEnabled() &&
       cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
-      delegate_->IsErrorOverridable() &&
-      delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
-    RecordUMA(WWW_MISMATCH_FOUND);
-
-    // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
-    // the only error. Need not check for captive portal in this case.
-    // (See the comment below).
-    if (!only_error_is_name_mismatch) {
-      ShowSSLInterstitial();
+      delegate_->IsErrorOverridable()) {
+    std::vector<std::string> dns_names;
+    ssl_info_.cert->GetSubjectAltName(&dns_names, nullptr);
+    GURL suggested_url;
+    if (!dns_names.empty() &&
+        delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
+      RecordUMA(WWW_MISMATCH_FOUND);

[estark, 2017/04/03 02:01:42]

nit: technically, since we're changing the conditions under which this value
gets recorded, best practice would be to mark this value as deprecated and
introduce a new one WWW_MISMATCH_FOUND2

[elawrence, 2017/04/04 15:52:28]

Done.

+
+      // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
+      // the only error. Need not check for captive portal in this case.
+      // (See the comment below).
+      if (!only_error_is_name_mismatch) {
+        ShowSSLInterstitial();
+        return;
+      }
+      delegate_->CheckSuggestedUrl(
+          suggested_url,
+          base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
+                     weak_ptr_factory_.GetWeakPtr()));
+      timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
+                   &SSLErrorHandler::ShowSSLInterstitial);
+
+      if (g_config.Pointer()->timer_started_callback())
+        g_config.Pointer()->timer_started_callback()->Run(web_contents_);
+
+      // Do not check for a captive portal in this case, because a captive
+      // portal most likely cannot serve a valid certificate which passes the
+      // similarity check.
       return;
     }
-    delegate_->CheckSuggestedUrl(
-        suggested_url,
-        base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
-                   weak_ptr_factory_.GetWeakPtr()));
-    timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
-                 &SSLErrorHandler::ShowSSLInterstitial);
-
-    if (g_config.Pointer()->timer_started_callback())
-      g_config.Pointer()->timer_started_callback()->Run(web_contents_);
-
-    // Do not check for a captive portal in this case, because a captive
-    // portal most likely cannot serve a valid certificate which passes the
-    // similarity check.
-    return;
   }
 
   // Always listen to captive portal notifications, otherwise build fails