Fix overridable in certificate errors

In Chromium 63 the decision of which errors were overridable was moved to the UI. Here we duplicate what Chrome has as their soft list of overridable errors which should match previous behavior. Task-number: QTBUG-66844 Change-Id: Icddff745d2323608487ecbfba4040b98c10f6e66 Reviewed-by: Michael Brüning <michael.bruning@qt.io>

Fix overridable in certificate errors
In Chromium 63 the decision of which errors were overridable was moved to the UI. Here we duplicate what Chrome has as their soft list of overridable errors which should match previous behavior. Task-number: QTBUG-66844 Change-Id: Icddff745d2323608487ecbfba4040b98c10f6e66 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
ce55cf2c · Allan Sandfeld Jensen · 51dbe583 · ce55cf2c
Commit ce55cf2c authored 7 years ago by Allan Sandfeld Jensen
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -443,6 +443,31 @@ void ContentBrowserClientQt::GetQuotaSettings(content::BrowserContext* context,
    storage::GetNominalDynamicSettings(partition->GetPath(), context->IsOffTheRecord(), std::move(callback));
 }
+// Copied from chrome/browser/ssl/ssl_error_handler.cc:
+static int IsCertErrorFatal(int cert_error)
+{
+    switch (cert_error) {
+    case net::ERR_CERT_COMMON_NAME_INVALID:
+    case net::ERR_CERT_DATE_INVALID:
+    case net::ERR_CERT_AUTHORITY_INVALID:
+    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
+    case net::ERR_CERT_WEAK_KEY:
+    case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
+    case net::ERR_CERT_VALIDITY_TOO_LONG:
+    case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
+        return false;
+    case net::ERR_CERT_CONTAINS_ERRORS:
+    case net::ERR_CERT_REVOKED:
+    case net::ERR_CERT_INVALID:
+    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
+    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
+        return true;
+    default:
+        NOTREACHED();
+    }
+    return true;
+}
 void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webContents,
                                                   int cert_error,
                                                   const net::SSLInfo &ssl_info,
@@ -454,7 +479,16 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont
 {
    WebContentsDelegateQt* contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
-    QSharedPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, strict_enforcement, strict_enforcement, callback)));
+    QSharedPointer<CertificateErrorController> errorController(
+            new CertificateErrorController(
+                    new CertificateErrorControllerPrivate(
+                            cert_error,
+                            ssl_info,
+                            request_url,
+                            resource_type,
+                            !IsCertErrorFatal(cert_error),
+                            strict_enforcement,
+                            callback)));
    contentsDelegate->allowCertificateError(errorController);
 }