5 files changed, 25 insertions, 88 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 808164a..e7b9101 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -2454,9 +2454,6 @@ each locale. -->
       <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS" desc="Details for being unable to check revocation status of an X509 certificate">
         Unable to check whether the server's certificate was revoked.
       </message>
-      <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR" desc="Info bar for being unable to check revocation status of an X509 certificate">
-        Unable to check whether the server's certificate was revoked.
-      </message>
       <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION" desc="Description for being unable to check revocation status of an X509 certificate">
         Server's certificate cannot be checked
       </message>
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index fb3d447..d6ef458 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -65,6 +65,9 @@ class SSLUITest : public InProcessBrowserTest {
               entry->page_type());
     EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
               entry->ssl().security_style());
+    // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
+    // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
+    ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
     EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
     EXPECT_FALSE(entry->ssl().has_mixed_content());
     EXPECT_FALSE(entry->ssl().has_unsafe_content());
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 2f21e5d..5f15772 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -67,10 +67,9 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
       handler->ContinueRequest();
       break;
     case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
-      // We ignore this error and display an infobar.
+      // We ignore this error but will show a warning status in the location
+      // bar.
       handler->ContinueRequest();
-      backend_->ShowMessage(l10n_util::GetString(
-          IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR));
       break;
     case net::ERR_CERT_CONTAINS_ERRORS:
     case net::ERR_CERT_REVOKED:
@@ -127,8 +126,12 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry) {
     return;
   }
 
-  if (net::IsCertStatusError(entry->ssl().cert_status())) {
-    entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
+  // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error,
+  // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN.
+  int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS;
+  if (cert_errors) {
+    if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
+      entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
     return;
   }
 
diff --git a/chrome/browser/toolbar_model.cc b/chrome/browser/toolbar_model.cc
index eeae184..9e79335 100644
--- a/chrome/browser/toolbar_model.cc
+++ b/chrome/browser/toolbar_model.cc
@@ -81,6 +81,11 @@ ToolbarModel::SecurityLevel ToolbarModel::GetSecurityLevel() const {
     case SECURITY_STYLE_AUTHENTICATED:
       if (ssl.has_mixed_content())
         return SECURITY_WARNING;
+      if (net::IsCertStatusError(ssl.cert_status())) {
+        DCHECK_EQ(ssl.cert_status() & net::CERT_STATUS_ALL_ERRORS,
+                  net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION);
+        return SECURITY_WARNING;
+      }
       if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) &&
           CertStore::GetSharedInstance()->RetrieveCert(ssl.cert_id(), NULL))
         return EV_SECURE;
@@ -104,45 +109,6 @@ int ToolbarModel::GetIcon() const {
   return icon_ids[GetSecurityLevel()];
 }
 
-void ToolbarModel::GetIconHoverText(std::wstring* text) const {
-  DCHECK(text);
-  text->clear();
-
-  switch (GetSecurityLevel()) {
-    case NONE:
-      // There's no security icon, and thus no hover text.
-      return;
-
-    case EV_SECURE:
-    case SECURE: {
-      // Note: Navigation controller and active entry are guaranteed non-NULL or
-      // the security level would be NONE.
-      GURL url(GetNavigationController()->GetActiveEntry()->url());
-      DCHECK(url.has_host());
-      *text = l10n_util::GetStringF(IDS_SECURE_CONNECTION,
-                                    UTF8ToWide(url.host()));
-      return;
-    }
-
-    case SECURITY_WARNING:
-      *text = SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS, NULL,
-                                        GURL()).short_description();
-      return;
-
-    case SECURITY_ERROR:
-      // See note above.
-      CreateErrorText(GetNavigationController()->GetActiveEntry(), text);
-      // If the authentication is broken, we should always have at least one
-      // error.
-      DCHECK(!text->empty());
-      return;
-
-    default:
-      NOTREACHED();
-      return;
-  }
-}
-
 std::wstring ToolbarModel::GetSecurityInfoText() const {
   switch (GetSecurityLevel()) {
     case NONE:
@@ -152,7 +118,8 @@ std::wstring ToolbarModel::GetSecurityInfoText() const {
 
     case EV_SECURE: {
       scoped_refptr<net::X509Certificate> cert;
-      // See note in GetIconHoverText().
+      // Note: Navigation controller and active entry are guaranteed non-NULL
+      // or the security level would be NONE.
       CertStore::GetSharedInstance()->RetrieveCert(
           GetNavigationController()->GetActiveEntry()->ssl().cert_id(),
           &cert);
@@ -175,32 +142,3 @@ NavigationController* ToolbarModel::GetNavigationController() const {
   TabContents* current_tab = browser_->GetSelectedTabContents();
   return current_tab ? &current_tab->controller() : NULL;
 }
-
-void ToolbarModel::CreateErrorText(NavigationEntry* entry,
-                                   std::wstring* text) const {
-  const NavigationEntry::SSLStatus& ssl = entry->ssl();
-  std::vector<SSLErrorInfo> errors;
-  SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id(), ssl.cert_status(),
-                                       entry->url(), &errors);
-  if (ssl.has_mixed_content()) {
-    errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS,
-                                               NULL, GURL()));
-  }
-  if (ssl.has_unsafe_content()) {
-    errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::UNSAFE_CONTENTS,
-                                               NULL, GURL()));
-  }
-
-  if (errors.empty()) {
-    text->clear();
-  } else if (errors.size() == 1) {
-    *text = errors[0].short_description();
-  } else {
-    // Multiple errors.
-    *text = l10n_util::GetString(IDS_SEVERAL_SSL_ERRORS);
-    for (size_t i = 0; i < errors.size(); ++i) {
-      text->append(L"\n");
-      text->append(errors[i].short_description());
-    }
-  }
-}
diff --git a/chrome/browser/toolbar_model.h b/chrome/browser/toolbar_model.h
index 865d39d..96a48e5 100644
--- a/chrome/browser/toolbar_model.h
+++ b/chrome/browser/toolbar_model.h
@@ -18,11 +18,15 @@ class NavigationEntry;
 // from the navigation controller returned by GetNavigationController().
 class ToolbarModel {
  public:
+  // TODO(wtc): unify ToolbarModel::SecurityLevel with SecurityStyle.  We
+  // don't need two sets of security UI levels.  SECURITY_STYLE_AUTHENTICATED
+  // needs to be refined into three levels: warning, standard, and EV.
   enum SecurityLevel {
     NONE = 0,          // HTTP/no URL/user is editing
     EV_SECURE,         // HTTPS with valid EV cert
     SECURE,            // HTTPS (non-EV)
-    SECURITY_WARNING,  // HTTPS, but with mixed content on the page
+    SECURITY_WARNING,  // HTTPS, but unable to check certificate revocation
+                       // status or with mixed content on the page
     SECURITY_ERROR,    // Attempted HTTPS and failed, page not authenticated
     NUM_SECURITY_LEVELS,
   };
@@ -41,10 +45,6 @@ class ToolbarModel {
   // user is editing; see AutocompleteEditView::GetIcon().
   int GetIcon() const;
 
-  // Sets the text displayed in the info bubble that appears when the user
-  // hovers the mouse over the icon.
-  void GetIconHoverText(std::wstring* text) const;
-
   // Returns the text, if any, that should be displayed on the right of the
   // location bar.
   std::wstring GetSecurityInfoText() const;
@@ -60,10 +60,6 @@ class ToolbarModel {
   // If this returns NULL, default values are used.
   NavigationController* GetNavigationController() const;
 
-  // Builds a short error message from the SSL status code found in |entry|.
-  // The message is set in |text|.
-  void CreateErrorText(NavigationEntry* entry, std::wstring* text) const;
-
   Browser* browser_;
 
   // Whether the text in the location bar is currently being edited.