Show these two cert errors as warnings, not errors (as requested by Ian):

CERT_STATUS_UNABLE_TO_CHECK_REVOCATION
CERT_STATUS_NO_REVOCATION_MECHANISM

Note: The Omnibox shows no_revocation_mechanism as skull and bones, but that's a separate issue.

BUG=http://crbug.com/52916
TEST=Requires server with cert errors.

Review URL: http://codereview.chromium.org/3293019

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59360 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 45 insertions, 9 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 65c061a..09b5acdb 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -5481,13 +5481,20 @@ Keep your key file in a safe place. You will need it to create new versions of y
       <message name="IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_EV" desc="The text of the identity section when the page is secured with an EV cert.">
         The identity of <ph name="ORGANIZATION">$1<ex>Google</ex></ph> at <ph name="LOCALITY">$2<ex>Mountain View, CA US</ex></ph> has been verified by <ph name="ISSUER">$3<ex>VeriSign</ex></ph>.
       </message>
-
       <message name="IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY" desc="The default name used when we did not find a principal name.">
         unknown name
       </message>
       <message name="IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY" desc="The text of the identity section when the page is not secure.">
         The identity of this website has not been verified.
       </message>
+
+      <message name="IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION" desc="The text of the identity section when we were unable to check if the certificate has been revoked.">
+        Unable to check whether the certificate has been revoked.
+      </message>
+      <message name="IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM" desc="The text of the identity section when there is no certificate revocation mechanism.">
+        The certificate does not specify a mechanism to check whether it has been revoked.
+      </message>
+
       <message name="IDS_PAGE_INFO_SECURITY_TAB_CONNECTION_TITLE" desc="The name of the connection section.">
         Connection
       </message>
diff --git a/chrome/browser/page_info_model.cc b/chrome/browser/page_info_model.cc
index f35da10..e549c10 100644
--- a/chrome/browser/page_info_model.cc
+++ b/chrome/browser/page_info_model.cc
@@ -42,11 +42,41 @@ PageInfoModel::PageInfoModel(Profile* profile,
         l10n_util::GetStringUTF16(IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
     empty_subject_name = true;
   }
+
+  // Some of what IsCertStatusError classifies as errors we want to show as
+  // warnings instead.
+  static const int cert_warnings =
+      net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION |
+      net::CERT_STATUS_NO_REVOCATION_MECHANISM;
+  int status_with_warnings_removed = ssl.cert_status() & ~cert_warnings;
+
   if (ssl.cert_id() &&
       CertStore::GetSharedInstance()->RetrieveCert(ssl.cert_id(), &cert) &&
-      !net::IsCertStatusError(ssl.cert_status())) {
-    // OK HTTPS page.
-    if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) != 0) {
+      !net::IsCertStatusError(status_with_warnings_removed)) {
+    // No error found so far, check cert_status warnings.
+    int cert_status = ssl.cert_status();
+    if (cert_status & cert_warnings) {
+      string16 issuer_name(UTF8ToUTF16(cert->issuer().GetDisplayName()));
+      if (issuer_name.empty()) {
+        issuer_name.assign(l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
+      }
+      description.assign(l10n_util::GetStringFUTF16(
+          IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
+
+      description += ASCIIToUTF16("\n\n");
+      if (cert_status & net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) {
+        description += l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_UNABLE_TO_CHECK_REVOCATION);
+      } else if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM) {
+        description += l10n_util::GetStringUTF16(
+            IDS_PAGE_INFO_SECURITY_TAB_NO_REVOCATION_MECHANISM);
+      } else {
+        NOTREACHED() << "Need to specify string for this warning";
+      }
+      state = SECTION_STATE_WARNING_MINOR;
+    } else if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) != 0) {
+      // EV HTTPS page.
       DCHECK(!cert->subject().organization_names.empty());
       headline =
           l10n_util::GetStringFUTF16(IDS_PAGE_INFO_EV_IDENTITY_TITLE,
@@ -76,7 +106,7 @@ PageInfoModel::PageInfoModel(Profile* profile,
           locality,
           UTF8ToUTF16(cert->issuer().GetDisplayName())));
     } else {
-      // Non EV OK HTTPS.
+      // Non-EV OK HTTPS page.
       if (empty_subject_name)
         headline.clear();  // Don't display any title.
       else
@@ -85,13 +115,12 @@ PageInfoModel::PageInfoModel(Profile* profile,
       if (issuer_name.empty()) {
         issuer_name.assign(l10n_util::GetStringUTF16(
             IDS_PAGE_INFO_SECURITY_TAB_UNKNOWN_PARTY));
-      } else {
-        description.assign(l10n_util::GetStringFUTF16(
-            IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
       }
+      description.assign(l10n_util::GetStringFUTF16(
+          IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY, issuer_name));
     }
   } else {
-    // HTTP or bad HTTPS.
+    // HTTP or HTTPS with errors (not warnings).
     description.assign(l10n_util::GetStringUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_INSECURE_IDENTITY));
     state = ssl.security_style() == SECURITY_STYLE_UNAUTHENTICATED ?