Fix overridable in certificate errors

In Chromium 63 the decision of which errors were overridable was moved to the UI. Here we duplicate what Chrome has as their soft list of overridable errors which should match previous behavior. Task-number: QTBUG-66844 Change-Id: Icddff745d2323608487ecbfba4040b98c10f6e66 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
author: Allan Sandfeld Jensen <allan.jensen@qt.io> 2018-03-16 14:09:58 +0100
committer: Allan Sandfeld Jensen <allan.jensen@qt.io> 2018-03-20 00:35:10 +0000
commit: ce55cf2c73049840debb5bb008981d6a419c2960 (patch)
tree: 162f5e206aee900a40ade4a7b182ca83843d2d47
parent: 51dbe583fc8775c45962394f95c3122d846c57d4 (diff)
1 files changed, 35 insertions, 1 deletions
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index fd1643a69..3b30cd24b 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -443,6 +443,31 @@ void ContentBrowserClientQt::GetQuotaSettings(content::BrowserContext* context,
     storage::GetNominalDynamicSettings(partition->GetPath(), context->IsOffTheRecord(), std::move(callback));
 }
 
+// Copied from chrome/browser/ssl/ssl_error_handler.cc:
+static int IsCertErrorFatal(int cert_error)
+{
+    switch (cert_error) {
+    case net::ERR_CERT_COMMON_NAME_INVALID:
+    case net::ERR_CERT_DATE_INVALID:
+    case net::ERR_CERT_AUTHORITY_INVALID:
+    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
+    case net::ERR_CERT_WEAK_KEY:
+    case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
+    case net::ERR_CERT_VALIDITY_TOO_LONG:
+    case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
+        return false;
+    case net::ERR_CERT_CONTAINS_ERRORS:
+    case net::ERR_CERT_REVOKED:
+    case net::ERR_CERT_INVALID:
+    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
+    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
+        return true;
+    default:
+        NOTREACHED();
+    }
+    return true;
+}
+
 void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webContents,
                                                    int cert_error,
                                                    const net::SSLInfo &ssl_info,
@@ -454,7 +479,16 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont
 {
     WebContentsDelegateQt* contentsDelegate = static_cast<WebContentsDelegateQt*>(webContents->GetDelegate());
 
-    QSharedPointer<CertificateErrorController> errorController(new CertificateErrorController(new CertificateErrorControllerPrivate(cert_error, ssl_info, request_url, resource_type, strict_enforcement, strict_enforcement, callback)));
+    QSharedPointer<CertificateErrorController> errorController(
+            new CertificateErrorController(
+                    new CertificateErrorControllerPrivate(
+                            cert_error,
+                            ssl_info,
+                            request_url,
+                            resource_type,
+                            !IsCertErrorFatal(cert_error),
+                            strict_enforcement,
+                            callback)));
     contentsDelegate->allowCertificateError(errorController);
 }
author	Allan Sandfeld Jensen <allan.jensen@qt.io>	2018-03-16 14:09:58 +0100
committer	Allan Sandfeld Jensen <allan.jensen@qt.io>	2018-03-20 00:35:10 +0000
commit	ce55cf2c73049840debb5bb008981d6a419c2960 (patch)
tree	162f5e206aee900a40ade4a7b182ca83843d2d47
parent	51dbe583fc8775c45962394f95c3122d846c57d4 (diff)