Add new net error code for legacy Symantec certificates
This CL adds a new net error code for legacy Symantec certificates that are
being distrusted in M66 and M70. The net error code will display on the
interstitial, allowing the specific problem to be diagnosed from just a
screenshot of the interstitial. We can also use it to decide when to put a
console message in DevTools.
Because there is code that maps net error -> CertStatus -> net error, this also
requires a new CertStatus flag for the error.
Bug: 815219
Change-Id: Ic15d6c96f8bdef38c26157af13bbf099fee43b70
Reviewed-on: https://chromium-review.googlesource.com/934969
Commit-Queue: Ryan Sleevi <[email protected]>
Reviewed-by: Ryan Sleevi <[email protected]>
Cr-Commit-Position: refs/heads/master@{#539439}diff --git a/components/ssl_errors/error_info.cc b/components/ssl_errors/error_info.cc
index a6bed5c..1ed896c 100644
--- a/components/ssl_errors/error_info.cc
+++ b/components/ssl_errors/error_info.cc
@@ -96,6 +96,7 @@
}
break;
case CERT_AUTHORITY_INVALID:
+ case CERT_SYMANTEC_LEGACY:
details =
l10n_util::GetStringFUTF16(IDS_CERT_ERROR_AUTHORITY_INVALID_DETAILS,
UTF8ToUTF16(request_url.host()));
@@ -216,6 +217,8 @@
return CERT_PINNED_KEY_MISSING;
case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
return CERTIFICATE_TRANSPARENCY_REQUIRED;
+ case net::ERR_CERT_SYMANTEC_LEGACY:
+ return CERT_SYMANTEC_LEGACY;
default:
NOTREACHED();
return UNKNOWN;
@@ -241,6 +244,7 @@
net::CERT_STATUS_NAME_CONSTRAINT_VIOLATION,
net::CERT_STATUS_VALIDITY_TOO_LONG,
net::CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED,
+ net::CERT_STATUS_SYMANTEC_LEGACY,
};
const ErrorType kErrorTypes[] = {
@@ -256,6 +260,7 @@
CERT_NAME_CONSTRAINT_VIOLATION,
CERT_VALIDITY_TOO_LONG,
CERTIFICATE_TRANSPARENCY_REQUIRED,
+ CERT_SYMANTEC_LEGACY,
};
DCHECK(arraysize(kErrorFlags) == arraysize(kErrorTypes));
