Mark SHA-1 as deprecated

net/cert/cert_status_flags.cc

Index: net/cert/cert_status_flags.cc
diff --git a/net/cert/cert_status_flags.cc b/net/cert/cert_status_flags.cc
index d278ea47b453b689842f41a289b2e4fa36144d16..0b71d21a7297efd3d2f49c5a98895c0a22a5161a 100644
--- a/net/cert/cert_status_flags.cc
+++ b/net/cert/cert_status_flags.cc
@@ -12,7 +12,8 @@ namespace net {
 bool IsCertStatusMinorError(CertStatus cert_status) {

[davidben, 2014/09/26 20:09:24]

Given all the places that are now checking both, perhaps an
IsCertStatusFatalError?

   static const CertStatus kMinorErrors =
       CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
-      CERT_STATUS_NO_REVOCATION_MECHANISM;
+      CERT_STATUS_NO_REVOCATION_MECHANISM |
+      CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
   cert_status &= CERT_STATUS_ALL_ERRORS;
   return cert_status != 0 && (cert_status & ~kMinorErrors) == 0;
 }
@@ -49,6 +50,8 @@ CertStatus MapNetErrorToCertStatus(int error) {
       return CERT_STATUS_PINNED_KEY_MISSING;
     case ERR_CERT_NAME_CONSTRAINT_VIOLATION:
       return CERT_STATUS_NAME_CONSTRAINT_VIOLATION;
+    case ERR_CERT_DEPRECATED_SIGNATURE_ALGORITHM:
+      return CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM;
     default:
       return 0;
   }
@@ -87,6 +90,8 @@ int MapCertStatusToNetError(CertStatus cert_status) {
     return ERR_CERT_UNABLE_TO_CHECK_REVOCATION;
   if (cert_status & CERT_STATUS_NO_REVOCATION_MECHANISM)
     return ERR_CERT_NO_REVOCATION_MECHANISM;
+  if (cert_status & CERT_STATUS_DEPRECATED_SIGNATURE_ALGORITHM)
+    return ERR_CERT_DEPRECATED_SIGNATURE_ALGORITHM;
 
   NOTREACHED();
   return ERR_UNEXPECTED;