Emily: Given that DevTools will open the security panel, not the console, on the error case, do we think a Console-specific message will be useful versus panel messaging? Just something I noticed when doing testing yesterday.

I think it opens whatever panel you had open last. We could do both a console message and Security panel for maximum visibility. (Note that we'll get some visibility in security panel for "free" -- just by introducing the new net error code it'll say "This site is missing a valid, trusted certificate (net::ERR_CERT_LEGACY_SYMANTEC_ROOT)" rather than ERR_CERT_AUTHORITY_INVALID.)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c6ee87489cbf795120163c5374c4ac9fbcf373fa

commit c6ee87489cbf795120163c5374c4ac9fbcf373fa
Author: Emily Stark <estark@google.com>
Date: Tue Feb 27 16:00:17 2018

Add new net error code for legacy Symantec certificates

This CL adds a new net error code for legacy Symantec certificates that are
being distrusted in M66 and M70. The net error code will display on the
interstitial, allowing the specific problem to be diagnosed from just a
screenshot of the interstitial. We can also use it to decide when to put a
console message in DevTools.

Because there is code that maps net error -> CertStatus -> net error, this also
requires a new CertStatus flag for the error.

Bug:  815219 
Change-Id: Ic15d6c96f8bdef38c26157af13bbf099fee43b70
Reviewed-on: https://chromium-review.googlesource.com/934969
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#539439}
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/chrome/browser/ssl/ssl_error_assistant.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/chrome/browser/ssl/ssl_error_assistant.proto
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/chrome/browser/ssl/ssl_error_handler.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/components/certificate_reporting/cert_logger.proto
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/components/certificate_reporting/error_report.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/components/ssl_errors/error_info.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/components/ssl_errors/error_info.h
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/net/base/net_error_list.h
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/net/cert/cert_status_flags.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/net/cert/cert_status_flags_list.h
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/c6ee87489cbf795120163c5374c4ac9fbcf373fa/tools/metrics/histograms/enums.xml

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b9badd48c531332137b25a715c38e9e3b662066a

commit b9badd48c531332137b25a715c38e9e3b662066a
Author: Emily Stark <estark@google.com>
Date: Wed Feb 28 01:45:55 2018

Add DevTools message for Symantec certs that have been distrusted

We already have logging for certs that are slated to be distrusted in a future
release. But we should also have a log message for certs that already have been
distrusted, to aid site owners in debugging. This CL adds logging for resources
that failed to load due to a legacy Symantec cert.

Note: this doesn't yet cover iframes, that'll have to be done separately.

Bug:  815219 
Change-Id: I24a51011ef8d92668c184ec8fbd2e89969497b71
Reviewed-on: https://chromium-review.googlesource.com/938973
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#539641}
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/frame/LocalFrameClient.h
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/DocumentLoader.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/FrameFetchContext.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/FrameFetchContext.h
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/FrameFetchContextTest.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/WorkerFetchContext.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/core/loader/WorkerFetchContext.h
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/platform/loader/fetch/FetchContext.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/platform/loader/fetch/FetchContext.h
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/platform/loader/fetch/ResourceFetcher.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/platform/network/NetworkUtils.cpp
[modify] https://crrev.com/b9badd48c531332137b25a715c38e9e3b662066a/third_party/WebKit/Source/platform/network/NetworkUtils.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/97a8accfcb1462c88d5e412c5d5a62300956769e

commit 97a8accfcb1462c88d5e412c5d5a62300956769e
Author: Emily Stark <estark@google.com>
Date: Sat Mar 03 02:45:52 2018

Log console message for distrusted Symantec iframe resources

We currently log a warning message for subresources that use Symantec
certificates that have been distrusted. This message didn't fire, however, for
iframe main resources because Blink isn't notified about them in the same way
as it is other failed resource loads. To log for iframe main resources, the
logging logic is moved in RenderFrameImpl (from LocalFrameClientImpl) and
called when a frame fails to load.

This doesn't work 100% reliably for OOPIFs because of  https://crbug.com/817881 .

Bug:  815219 
Change-Id: I961a3e664c0383a7ff81be7def6de17185501243
Reviewed-on: https://chromium-review.googlesource.com/943984
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540727}
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/content/renderer/render_frame_impl.h
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/97a8accfcb1462c88d5e412c5d5a62300956769e/third_party/WebKit/public/web/WebFrameClient.h

Requesting a merge for the commit in #5. I've verified it in canary and it's covered by automated tests as well (SymantecMessageSSLUITest.DistrustedIframeResource).

Your change meets the bar and is auto-approved for M66. Please go ahead and merge the CL to branch 3359 manually. Please contact milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402

commit 52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402
Author: Emily Stark <estark@google.com>
Date: Wed Mar 07 23:11:40 2018

Log console message for distrusted Symantec iframe resources

We currently log a warning message for subresources that use Symantec
certificates that have been distrusted. This message didn't fire, however, for
iframe main resources because Blink isn't notified about them in the same way
as it is other failed resource loads. To log for iframe main resources, the
logging logic is moved in RenderFrameImpl (from LocalFrameClientImpl) and
called when a frame fails to load.

This doesn't work 100% reliably for OOPIFs because of  https://crbug.com/817881 .

Bug:  815219 
Change-Id: I961a3e664c0383a7ff81be7def6de17185501243
Reviewed-on: https://chromium-review.googlesource.com/943984
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Emily Stark <estark@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#540727}(cherry picked from commit 97a8accfcb1462c88d5e412c5d5a62300956769e)
Reviewed-on: https://chromium-review.googlesource.com/954082
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#78}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/chrome/browser/ssl/ssl_browsertest.cc
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/content/renderer/render_frame_impl.h
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.h
[modify] https://crrev.com/52c2ad21d9d0c7d1bbcdca45c33ea9270e2ee402/third_party/WebKit/public/web/WebFrameClient.h