Mark SHA-1 as deprecated

net/cert/cert_status_flags.cc

Index: net/cert/cert_status_flags.cc
diff --git a/net/cert/cert_status_flags.cc b/net/cert/cert_status_flags.cc
index d278ea47b453b689842f41a289b2e4fa36144d16..4df4d26241dcd9a1e4289aa20a140ba7fec9072f 100644
--- a/net/cert/cert_status_flags.cc
+++ b/net/cert/cert_status_flags.cc
@@ -49,6 +49,8 @@ CertStatus MapNetErrorToCertStatus(int error) {
       return CERT_STATUS_PINNED_KEY_MISSING;
     case ERR_CERT_NAME_CONSTRAINT_VIOLATION:
       return CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
+    case ERR_CERT_DEPRECATED_SIGNATURE_ALGORITHM:
+      return CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
     default:
       return 0;
   }
@@ -81,6 +83,8 @@ int MapCertStatusToNetError(CertStatus cert_status) {
     return ERR_CERT_WEAK_KEY;
   if (cert_status & CERT_STATUS_DATE_INVALID)
     return ERR_CERT_DATE_INVALID;
+  // CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM is intentionally not mapped to
+  // an error. It is treated as just a warning and used to degrade the SSL UI.
 
   // Unknown status.  Give it the benefit of the doubt.
   if (cert_status & CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)