Interstitial options are not OR'd properly.

chrome/browser/chrome_content_browser_client.cc

Index: chrome/browser/chrome_content_browser_client.cc
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index 5231b91500fef9a3dc1ca9f9f3fca36cde82b484..0ec6b4c9b0196a04ef9eb4a7c3640bb6e57e786b 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1670,9 +1670,7 @@ void ChromeContentBrowserClient::AllowCertificateError(
     const net::SSLInfo& ssl_info,
     const GURL& request_url,
     ResourceType resource_type,
-    bool overridable,
-    bool strict_enforcement,
-    bool expired_previous_decision,
+    int options_mask,
     const base::Callback<void(bool)>& callback,
     content::CertificateRequestResultType* result) {
   if (resource_type != content::RESOURCE_TYPE_MAIN_FRAME) {
@@ -1710,13 +1708,6 @@ void ChromeContentBrowserClient::AllowCertificateError(
 
   // Otherwise, display an SSL blocking page. The interstitial page takes
   // ownership of ssl_blocking_page.
-  int options_mask = 0;
-  if (overridable)
-    options_mask = SSLBlockingPage::OVERRIDABLE;

[Charlie Reis, 2014/09/19 20:00:12]

Yikes.  Yeah, this isn't much of a bitmask.

-  if (strict_enforcement)
-    options_mask = SSLBlockingPage::STRICT_ENFORCEMENT;
-  if (expired_previous_decision)
-    options_mask = SSLBlockingPage::EXPIRED_BUT_PREVIOUSLY_ALLOWED;
   SSLBlockingPage* ssl_blocking_page = new SSLBlockingPage(
       tab, cert_error, ssl_info, request_url, options_mask, callback);
   ssl_blocking_page->Show();