Move QWebEngineCertificateError to core and use it in QML

Update qml certificate error test.

Task-number: QTBUG-74585
Change-Id: I9383052bd1e37160d03e3d66e8f2e4a749023736
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

7 files changed, 414 insertions, 79 deletions

diff --git a/src/core/api/core_api.pro b/src/core/api/core_api.pro
index 0ee13f0b5..aca83c7bb 100644
--- a/src/core/api/core_api.pro
+++ b/src/core/api/core_api.pro
@@ -36,6 +36,7 @@ HEADERS = \
     qwebengineclientcertificatestore.h \
     qtwebenginecoreglobal.h \
     qtwebenginecoreglobal_p.h \
+    qwebenginecertificateerror.h \
     qwebenginecookiestore.h \
     qwebenginecookiestore_p.h \
     qwebenginefindtextresult.h \
@@ -55,6 +56,7 @@ HEADERS = \
 
 SOURCES = \
     qtwebenginecoreglobal.cpp \
+    qwebenginecertificateerror.cpp \
     qwebengineclientcertificatestore.cpp \
     qwebenginecookiestore.cpp \
     qwebenginefindtextresult.cpp \
diff --git a/src/core/api/qwebenginecertificateerror.cpp b/src/core/api/qwebenginecertificateerror.cpp
new file mode 100644
index 000000000..2e5768a0c
--- /dev/null
+++ b/src/core/api/qwebenginecertificateerror.cpp
@@ -0,0 +1,229 @@
+/****************************************************************************
+**
+** Copyright (C) 2016 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#include "qwebenginecertificateerror.h"
+
+#include "certificate_error_controller.h"
+
+QT_BEGIN_NAMESPACE
+
+ASSERT_ENUMS_MATCH(CertificateErrorController::SslPinnedKeyNotInCertificateChain,   QWebEngineCertificateError::SslPinnedKeyNotInCertificateChain);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateCommonNameInvalid,        QWebEngineCertificateError::CertificateCommonNameInvalid);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateCommonNameInvalid,        QWebEngineCertificateError::CertificateCommonNameInvalid);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateDateInvalid,              QWebEngineCertificateError::CertificateDateInvalid);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateAuthorityInvalid,         QWebEngineCertificateError::CertificateAuthorityInvalid);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateContainsErrors,           QWebEngineCertificateError::CertificateContainsErrors);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateUnableToCheckRevocation,  QWebEngineCertificateError::CertificateUnableToCheckRevocation);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateRevoked,                  QWebEngineCertificateError::CertificateRevoked);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateInvalid,                  QWebEngineCertificateError::CertificateInvalid);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateWeakSignatureAlgorithm,   QWebEngineCertificateError::CertificateWeakSignatureAlgorithm);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateNonUniqueName,            QWebEngineCertificateError::CertificateNonUniqueName);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateWeakKey,                  QWebEngineCertificateError::CertificateWeakKey);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateNameConstraintViolation,  QWebEngineCertificateError::CertificateNameConstraintViolation);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateValidityTooLong,          QWebEngineCertificateError::CertificateValidityTooLong);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateTransparencyRequired,     QWebEngineCertificateError::CertificateTransparencyRequired);
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateKnownInterceptionBlocked, QWebEngineCertificateError::CertificateKnownInterceptionBlocked);
+
+/*!
+    \class QWebEngineCertificateError
+    \brief The QWebEngineCertificateError class provides information about a certificate error.
+    \since 5.4
+    \inmodule QtWebEngineCore
+
+    Provides information about a certificate error. This class is used as a parameter of
+    QWebEnginePage::certificateError().
+*/
+
+/*! \internal
+*/
+QWebEngineCertificateError::QWebEngineCertificateError(const QSharedPointer<CertificateErrorController> &controller)
+    : d(controller)
+{
+}
+
+QWebEngineCertificateError::QWebEngineCertificateError(const QWebEngineCertificateError &) = default;
+
+QWebEngineCertificateError& QWebEngineCertificateError::operator=(const QWebEngineCertificateError &) = default;
+
+/*! \internal
+*/
+QWebEngineCertificateError::~QWebEngineCertificateError() = default;
+
+/*!
+    \enum QWebEngineCertificateError::Error
+
+    This enum describes the type of certificate error encountered.
+
+    The values of this enum type match the SSL errors Chromium provides.
+    QSslError::SslError values are not used directly, because the Qt error
+    categories cannot be mapped to the Chromium error categories.
+
+    \value SslPinnedKeyNotInCertificateChain The certificate did not match the built-in public keys
+            pinned for the host name.
+    \value CertificateCommonNameInvalid The certificate's common name did not match the host name.
+    \value CertificateDateInvalid The certificate is not valid at the current date and time.
+    \value CertificateAuthorityInvalid The certificate is not signed by a trusted authority.
+    \value CertificateContainsErrors The certificate contains errors.
+    \value CertificateNoRevocationMechanism The certificate has no mechanism for determining if it has been revoked.
+    \value CertificateUnableToCheckRevocation Revocation information for the certificate is not available.
+    \value CertificateRevoked The certificate has been revoked.
+    \value CertificateInvalid The certificate is invalid.
+    \value CertificateWeakSignatureAlgorithm The certificate is signed using a weak signature algorithm.
+    \value CertificateNonUniqueName The host name specified in the certificate is not unique.
+    \value CertificateWeakKey The certificate contains a weak key.
+    \value CertificateNameConstraintViolation The certificate claimed DNS names that are in violation of name constraints.
+    \value CertificateValidityTooLong The certificate has a validity period that is too long. (Added in Qt 5.7)
+    \value CertificateTransparencyRequired Certificate Transparency was required for this connection, but the server
+            did not provide CT information that complied with the policy. (Added in Qt 5.8)
+    \value CertificateKnownInterceptionBlocked The certificate is known to be
+            used for interception by an entity other the device owner. (Added in
+            5.15)
+*/
+
+/*!
+    Returns whether this error can be overridden and accepted.
+
+    \sa error(), errorDescription()
+*/
+bool QWebEngineCertificateError::isOverridable() const
+{
+    return d->overridable();
+}
+
+/*!
+    Returns the URL that triggered the error.
+
+    \sa error(), errorDescription()
+*/
+QUrl QWebEngineCertificateError::url() const
+{
+    return d->url();
+}
+
+/*!
+    Returns the type of the error.
+
+    \sa errorDescription(), isOverridable()
+*/
+QWebEngineCertificateError::Error QWebEngineCertificateError::error() const
+{
+    return Error(d->error());
+}
+
+/*!
+    Returns a short localized human-readable description of the error.
+
+    \sa error(), url(), isOverridable()
+*/
+QString QWebEngineCertificateError::errorDescription() const
+{
+    return d->errorString();
+}
+
+/*!
+    \since 5.14
+
+    Marks the certificate error for delayed handling.
+
+    This function should be called when there is a need to postpone the decision whether to ignore a
+    certificate error, for example, while waiting for user input. When called, the function pauses the
+    URL request until ignoreCertificateError() or rejectCertificate() is called.
+
+    \note It is only possible to defer overridable certificate errors.
+
+    \sa isOverridable(), deferred()
+*/
+void QWebEngineCertificateError::defer()
+{
+    d->defer();
+}
+
+/*!
+    \since 5.14
+
+    Returns whether the decision for error handling was delayed and the URL load was halted.
+*/
+bool QWebEngineCertificateError::deferred() const
+{
+    return d->deferred();
+}
+
+/*!
+    \since 5.14
+
+    Ignores the certificate error and continues the loading of the requested URL.
+*/
+void QWebEngineCertificateError::ignoreCertificateError()
+{
+    d->ignoreCertificateError();
+}
+
+/*!
+    \since 5.14
+
+    Rejects the certificate and aborts the loading of the requested URL.
+*/
+void QWebEngineCertificateError::rejectCertificate()
+{
+    d->rejectCertificate();
+}
+
+/*!
+    \since 5.14
+
+    Returns \c true if the error was explicitly rejected or ignored.
+*/
+bool QWebEngineCertificateError::answered() const
+{
+    return d->answered();
+}
+
+/*!
+    \since 5.14
+
+    Returns the peer's chain of digital certificates.
+
+    Chain starts with the peer's immediate certificate and ending with the CA's certificate.
+*/
+QList<QSslCertificate> QWebEngineCertificateError::certificateChain() const
+{
+    return d->certificateChain();
+}
+
+QT_END_NAMESPACE
diff --git a/src/core/api/qwebenginecertificateerror.h b/src/core/api/qwebenginecertificateerror.h
new file mode 100644
index 000000000..67da69a78
--- /dev/null
+++ b/src/core/api/qwebenginecertificateerror.h
@@ -0,0 +1,113 @@
+/****************************************************************************
+**
+** Copyright (C) 2016 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtWebEngine module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef QWEBENGINECERTIFICATEERROR_H
+#define QWEBENGINECERTIFICATEERROR_H
+
+#include <QtWebEngineCore/qtwebenginecoreglobal.h>
+
+#include <QtCore/qsharedpointer.h>
+#include <QtCore/qurl.h>
+#include <QtNetwork/QSslCertificate>
+
+QT_BEGIN_NAMESPACE
+
+class CertificateErrorController;
+
+class Q_WEBENGINECORE_EXPORT QWebEngineCertificateError {
+    Q_GADGET
+    Q_PROPERTY(QUrl url READ url CONSTANT FINAL)
+    Q_PROPERTY(Error error READ error CONSTANT FINAL)
+    Q_PROPERTY(QString description READ errorDescription CONSTANT FINAL)
+    Q_PROPERTY(bool overridable READ isOverridable CONSTANT FINAL)
+    Q_PROPERTY(bool deferred READ deferred CONSTANT FINAL)
+    Q_PROPERTY(bool answered READ answered CONSTANT FINAL)
+
+public:
+    QWebEngineCertificateError(const QWebEngineCertificateError &other);
+    QWebEngineCertificateError& operator=(const QWebEngineCertificateError &other);
+    ~QWebEngineCertificateError();
+
+    // Keep this identical to CertificateErrorController::CertificateError, or add mapping layer.
+    enum Error {
+        SslPinnedKeyNotInCertificateChain = -150,
+        CertificateCommonNameInvalid = -200,
+        CertificateDateInvalid = -201,
+        CertificateAuthorityInvalid = -202,
+        CertificateContainsErrors = -203,
+        CertificateNoRevocationMechanism = -204,
+        CertificateUnableToCheckRevocation = -205,
+        CertificateRevoked = -206,
+        CertificateInvalid = -207,
+        CertificateWeakSignatureAlgorithm = -208,
+        CertificateNonUniqueName = -210,
+        CertificateWeakKey = -211,
+        CertificateNameConstraintViolation = -212,
+        CertificateValidityTooLong = -213,
+        CertificateTransparencyRequired = -214,
+        CertificateKnownInterceptionBlocked = -217,
+    };
+    Q_ENUM(Error)
+
+    Error error() const;
+    QUrl url() const;
+    bool isOverridable() const;
+    QString errorDescription() const;
+
+    Q_INVOKABLE void defer();
+    bool deferred() const;
+
+    Q_INVOKABLE void rejectCertificate();
+    Q_INVOKABLE void ignoreCertificateError();
+    bool answered() const;
+
+    QList<QSslCertificate> certificateChain() const;
+
+private:
+    friend class QWebEnginePagePrivate;
+    friend class QQuickWebEngineViewPrivate;
+    QWebEngineCertificateError(const QSharedPointer<CertificateErrorController> &controller);
+    QSharedPointer<CertificateErrorController> d;
+};
+
+QT_END_NAMESPACE
+
+Q_DECLARE_METATYPE(QWebEngineCertificateError)
+
+#endif // QWEBENGINECERTIFICATEERROR_H
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
index 353228c2d..79f6a8cf2 100644
--- a/src/core/certificate_error_controller.cpp
+++ b/src/core/certificate_error_controller.cpp
@@ -71,28 +71,45 @@ ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateSymantecLegacy, net::E
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateKnownInterceptionBlocked, net::ERR_CERT_KNOWN_INTERCEPTION_BLOCKED)
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateErrorEnd, net::ERR_CERT_END)
 
-void CertificateErrorControllerPrivate::accept(bool accepted)
+// Copied from chrome/browser/ssl/ssl_error_handler.cc:
+static int IsCertErrorFatal(int cert_error)
 {
-    std::move(callback).Run(accepted ? content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE : content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY);
+    switch (cert_error) {
+    case net::ERR_CERT_COMMON_NAME_INVALID:
+    case net::ERR_CERT_DATE_INVALID:
+    case net::ERR_CERT_AUTHORITY_INVALID:
+    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
+    case net::ERR_CERT_WEAK_KEY:
+    case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
+    case net::ERR_CERT_VALIDITY_TOO_LONG:
+    case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
+    case net::ERR_CERT_SYMANTEC_LEGACY:
+        return false;
+    case net::ERR_CERT_CONTAINS_ERRORS:
+    case net::ERR_CERT_REVOKED:
+    case net::ERR_CERT_INVALID:
+    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
+    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
+        return true;
+    default:
+        NOTREACHED();
+    }
+    return true;
 }
 
+
 CertificateErrorControllerPrivate::CertificateErrorControllerPrivate(int cert_error,
                                                                      const net::SSLInfo& ssl_info,
                                                                      const GURL &request_url,
-                                                                     bool main_frame,
-                                                                     bool fatal_error,
                                                                      bool strict_enforcement,
                                                                      base::OnceCallback<void(content::CertificateRequestResultType)> cb
                                                                     )
     : certError(CertificateErrorController::CertificateError(cert_error))
     , requestUrl(toQt(request_url))
-    , resourceType(main_frame ? CertificateErrorController::ResourceTypeMainFrame : CertificateErrorController::ResourceTypeOther)
-    , fatalError(fatal_error)
-    , strictEnforcement(strict_enforcement)
-    , callback(std::move(cb))
+    , overridable(!IsCertErrorFatal(cert_error) && !strict_enforcement)
 {
+    if (overridable) callback = std::move(cb);
     if (auto cert = ssl_info.cert.get()) {
-        validStart = toQt(cert->valid_start());
         validExpiry = toQt(cert->valid_expiry());
         certificateChain = toCertificateChain(cert);
     }
@@ -104,8 +121,8 @@ CertificateErrorController::CertificateErrorController(CertificateErrorControlle
 
 CertificateErrorController::~CertificateErrorController()
 {
-    delete d;
-    d = 0;
+    if (!answered())
+        rejectCertificate();
 }
 
 CertificateErrorController::CertificateError CertificateErrorController::error() const
@@ -120,22 +137,37 @@ QUrl CertificateErrorController::url() const
 
 bool CertificateErrorController::overridable() const
 {
-    return !d->fatalError && !d->strictEnforcement;
+    return d->overridable;
+}
+
+bool CertificateErrorController::deferred() const
+{
+    return d->deferred;
 }
 
-bool CertificateErrorController::strictEnforcement() const
+void CertificateErrorController::defer()
 {
-    return d->strictEnforcement;
+    d->deferred = true;
+}
+
+bool CertificateErrorController::answered() const
+{
+    return d->answered;
 }
 
 void CertificateErrorController::accept(bool accepted)
 {
-    d->accept(accepted);
+    if (answered())
+        return;
+
+    d->answered = true;
+    if (d->callback)
+        std::move(d->callback).Run(accepted ? content::CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE : content::CERTIFICATE_REQUEST_RESULT_TYPE_DENY);
 }
 
-CertificateErrorController::ResourceType CertificateErrorController::resourceType() const
+void CertificateErrorController::deactivate()
 {
-    return d->resourceType;
+    d->callback.Reset();
 }
 
 static QString getQStringForMessageId(int message_id) {
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
index dc1c3cf54..be5efd79d 100644
--- a/src/core/certificate_error_controller.h
+++ b/src/core/certificate_error_controller.h
@@ -54,6 +54,7 @@
 #include "qtwebenginecoreglobal_p.h"
 
 #include <QtCore/QDateTime>
+#include <QtCore/QScopedPointer>
 #include <QtCore/QUrl>
 #include <QtNetwork/QSslCertificate>
 
@@ -92,41 +93,30 @@ public:
     CertificateError error() const;
     QUrl url() const;
     bool overridable() const;
-    bool strictEnforcement() const;
     QString errorString() const;
-    QDateTime validStart() const;
     QDateTime validExpiry() const;
     QList<QSslCertificate> certificateChain() const;
 
+    bool deferred() const;
+    void defer();
+
+    bool answered() const;
     void accept(bool);
 
-    // Note: The resource type should probably not be exported, since once accepted the certificate exception
-    // counts for all resource types.
-    // Keep up to date with webkit/common/resource_type.h
-    enum ResourceType {
-        ResourceTypeMainFrame = 0,  // top level page
-        ResourceTypeSubFrame,       // frame or iframe
-        ResourceTypeStylesheet,     // a CSS stylesheet
-        ResourceTypeScript,         // an external script
-        ResourceTypeImage,          // an image (jpg/gif/png/etc)
-        ResourceTypeFont,           // a font
-        ResourceTypeOther,          // an "other" subresource.
-        ResourceTypeObject,         // an object (or embed) tag for a plugin,
-                                    // or a resource that a plugin requested.
-        ResourceTypeMedia,          // a media resource.
-        ResourceTypeWorker,         // the main resource of a dedicated worker.
-        ResourceTypeSharedWorker,   // the main resource of a shared worker.
-        ResourceTypePrefetch,       // an explicitly requested prefetch
-        ResourceTypeFavicon,        // a favicon
-        ResourceTypeXHR,            // a XMLHttpRequest
-        ResourceTypePing,           // a ping request for <a ping>
-        ResourceTypeServiceWorker,  // the main resource of a service worker.
-    };
+    void ignoreCertificateError() { accept(true); }
+    void rejectCertificate() { accept(false); }
 
-    ResourceType resourceType() const;
+    void deactivate();
+    static void clear(QList<QWeakPointer<CertificateErrorController>> &controllers) {
+        for (auto &&wc : controllers)
+            if (auto controller = wc.lock())
+                controller->deactivate();
+        controllers.clear();
+    }
 
 private:
-    CertificateErrorControllerPrivate* d;
+    QScopedPointer<CertificateErrorControllerPrivate> d;
+    Q_DISABLE_COPY(CertificateErrorController)
 };
 
 QT_END_NAMESPACE
diff --git a/src/core/certificate_error_controller_p.h b/src/core/certificate_error_controller_p.h
index b0b0bc658..f46670cf5 100644
--- a/src/core/certificate_error_controller_p.h
+++ b/src/core/certificate_error_controller_p.h
@@ -59,19 +59,16 @@ QT_BEGIN_NAMESPACE
 
 class CertificateErrorControllerPrivate {
 public:
-    CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, bool main_frame, bool fatal_error, bool strict_enforcement, base::OnceCallback<void(content::CertificateRequestResultType)> callback);
-
-    void accept(bool accepted);
+    CertificateErrorControllerPrivate(int cert_error, const net::SSLInfo& ssl_info, const GURL& request_url, bool strict_enforcement, base::OnceCallback<void(content::CertificateRequestResultType)> callback);
 
     CertificateErrorController::CertificateError certError;
     const QUrl requestUrl;
-    QDateTime validStart;
     QDateTime validExpiry;
-    CertificateErrorController::ResourceType resourceType;
-    bool fatalError;
-    bool strictEnforcement;
+    bool overridable;
     base::OnceCallback<void(content::CertificateRequestResultType)> callback;
     QList<QSslCertificate> certificateChain;
+
+    bool answered = false, deferred = false;
 };
 
 QT_END_NAMESPACE
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index 32013849b..c39d28fef 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -302,37 +302,11 @@ void ContentBrowserClientQt::GetQuotaSettings(content::BrowserContext* context,
                                        storage::GetDefaultDeviceInfoHelper(), std::move(callback));
 }
 
-// Copied from chrome/browser/ssl/ssl_error_handler.cc:
-static int IsCertErrorFatal(int cert_error)
-{
-    switch (cert_error) {
-    case net::ERR_CERT_COMMON_NAME_INVALID:
-    case net::ERR_CERT_DATE_INVALID:
-    case net::ERR_CERT_AUTHORITY_INVALID:
-    case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
-    case net::ERR_CERT_WEAK_KEY:
-    case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION:
-    case net::ERR_CERT_VALIDITY_TOO_LONG:
-    case net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED:
-    case net::ERR_CERT_SYMANTEC_LEGACY:
-        return false;
-    case net::ERR_CERT_CONTAINS_ERRORS:
-    case net::ERR_CERT_REVOKED:
-    case net::ERR_CERT_INVALID:
-    case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY:
-    case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN:
-        return true;
-    default:
-        NOTREACHED();
-    }
-    return true;
-}
-
 void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webContents,
                                                    int cert_error,
                                                    const net::SSLInfo &ssl_info,
                                                    const GURL &request_url,
-                                                   bool is_main_frame_request,
+                                                   bool /* is_main_frame_request */,
                                                    bool strict_enforcement,
                                                    base::OnceCallback<void(content::CertificateRequestResultType)> callback)
 {
@@ -344,8 +318,6 @@ void ContentBrowserClientQt::AllowCertificateError(content::WebContents *webCont
                             cert_error,
                             ssl_info,
                             request_url,
-                            is_main_frame_request,
-                            IsCertErrorFatal(cert_error),
                             strict_enforcement,
                             std::move(callback))));
     contentsDelegate->allowCertificateError(errorController);