Use a different error code for pinning errors.

BUG=91481
TEST=none

http://codereview.chromium.org/7465099/

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97639 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 6 insertions, 1 deletions

diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index d7697ed..5481933 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -258,6 +258,11 @@ NET_ERROR(SSL_HANDSHAKE_NOT_COMPLETED, -148)
 // SSL peer's public key is invalid.
 NET_ERROR(SSL_BAD_PEER_PUBLIC_KEY, -149)
 
+// The certificate didn't match the built-in public key pins for the host name.
+// The pins are set in net/base/transport_security_state.cc and require that
+// one of a set of public keys exist on the path from the leaf to the root.
+NET_ERROR(SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, -150)
+
 // Certificate error codes
 //
 // The values of certificate error codes must be consecutive.
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index af26db5..23e7367 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -755,7 +755,7 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
                 context_->ssl_config_service()))) {
       if (!domain_state.IsChainOfPublicKeysPermitted(
               ssl_info.public_key_hashes)) {
-        result = ERR_CERT_INVALID;
+        result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
         UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", false);
       } else {
         UMA_HISTOGRAM_BOOLEAN("Net.CertificatePinSuccess", true);