Update SSL error handling code to account for Subject CN deprecation

components/ssl_errors/error_classification.h

Index: components/ssl_errors/error_classification.h
diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h
index b8c472df6697f0607b8cd6b37185ed63fd3c3d9a..efe07c39ab72e85cb62fc28d5cc6e8e58971b6f4 100644
--- a/components/ssl_errors/error_classification.h
+++ b/components/ssl_errors/error_classification.h
@@ -110,14 +110,20 @@ bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,
 bool IsCertLikelyFromSameDomain(const GURL& request_url,
                                 const net::X509Certificate& cert);
 
-// Returns true if the site's hostname differs from one of the DNS
-// names in the certificate (CN or SANs) only by the presence or
-// absence of the single-label prefix "www". E.g.: (The first domain
-// is hostname and the second domain is a DNS name in the certificate)
+// Returns true if the site's hostname differs from one of the DNS names in the
+// certificate (SANs) only by the presence or absence of the single-label prefix
+// "www". E.g.: (The first domain is the url's hostname and the second domain is
+// a DNS name in the certificate):
 //     www.example.com ~ example.com -> true
 //     example.com ~ www.example.com -> true
 //     www.food.example.com ~ example.com -> false
 //     mail.example.com ~ example.com -> false
+bool IsWWWSubDomainMatch(const GURL& request_url,

[estark, 2017/04/03 02:01:42]

Does this need to live in the public interface? Looks like it's only used by
unit tests, in which case we could instead unit test the interface we already
have, i.e. test that RecordUMAStatistics does not record WWW_SUBDOMAIN_MATCH
when there's no SubjectAltName. That would involve moving SSLInterstitialCause
into the public header to unit test the histogram, but IMO that's a better
change because it would allow us to write more unit tests in future for
RecordUMAStatistics, which we really should have.

[elawrence, 2017/04/04 15:52:28]

Done.

+                         const net::X509Certificate& cert);
+
+// Returns true if the site's hostname differs from one of the DNS names in
+// |dns_names| only by the presence or absence of the single-label prefix "www".
+// The matching name from the certificate is returned in |www_match_host_name|.
 bool GetWWWSubDomainMatch(const GURL& request_url,
                           const std::vector<std::string>& dns_names,
                           std::string* www_match_host_name);