Suggest upgrading to SP3 or later for invalid certificate errors.

BUG=349655

TEST=Find a windows xp sp2 machine, install chrome, go to twitter.com, verify the message looks right

Review URL: https://codereview.chromium.org/336273002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285481 0039d316-1c4b-4281-b951-d872f2087c98

chrome/app/chromium_strings.grd

@@ -1263,6 +1263,9 @@ Signing in anyway will merge Chromium information like bookmarks, history, and o
           Chromium can't establish a private connection to &lt;strong&gt;<ph name="DOMAIN">$1<ex>paypal.com</ex></ph>&lt;/strong&gt;. This is probably because your computer's date is set incorrectly (<ph name="DATE">$2<ex>Jan 1, 1970</ex></ph>). You should refresh this page after <ph name="BEGIN_LINK">&lt;a href="#" id="clock-link"&gt;</ph>you update your computer's date and time<ph name="END_LINK">&lt;/a&gt;</ph>.
         </message>
       </if>
+      <message name="IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3" desc="Body text for the explanation shown if the user clicks on the details windows, the certificate is invalid and the user has an old version of Windows (before WINDOWS XP SP3) running.">
+      Your computer is running an old version of Microsoft Windows that cannot process this website's security certificate. Because of this problem, Chromium can't tell whether the certificate came from <ph name="SITE">$1<ex>google.com</ex></ph> or from someone on your network pretending to be <ph name="SITE">$1<ex>google.com</ex></ph>. Please update your computer to a more recent version of Windows.
+      </message>
 
       <!-- OOBE -->
       <if expr="chromeos">

chrome/app/google_chrome_strings.grd

@@ -1188,6 +1188,9 @@ Signing in anyway will merge Chrome information like bookmarks, history, and oth
           Chrome can't establish a private connection to &lt;strong&gt;<ph name="DOMAIN">$1<ex>paypal.com</ex></ph>&lt;/strong&gt;. This is probably because your computer's date is set incorrectly (<ph name="DATE">$2<ex>Jan 1, 1970</ex></ph>). You should refresh this page after <ph name="BEGIN_LINK">&lt;a href="#" id="clock-link"&gt;</ph>you update your computer's date and time<ph name="END_LINK">&lt;/a&gt;</ph>.
         </message>
       </if>
+      <message name="IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3" desc="Body text for the explanation shown if the user clicks on the details windows, the certificate is invalid and the user has an old version of Windows (before WINDOWS XP SP3) running.">
+      Your computer is running an old version of Microsoft Windows that cannot process this website's security certificate. Because of this problem, Google Chrome can't tell whether the certificate came from <ph name="SITE">$1<ex>google.com</ex></ph> or from someone on your network pretending to be <ph name="SITE">$1<ex>google.com</ex></ph>. Please update your computer to a more recent version of Windows.
+      </message>
 
       <!-- OOBE -->
       <if expr="chromeos">

chrome/browser/ssl/ssl_blocking_page.cc

@@ -613,17 +613,25 @@ std::string SSLBlockingPage::GetHTMLContentsV2() {
         l10n_util::GetStringFUTF16(IDS_SSL_OVERRIDABLE_PROCEED_PARAGRAPH, url));
   } else {  // Non-overridable.
     load_time_data.SetBoolean("overridable", false);
-    load_time_data.SetString(
-        "explanationParagraph",
-        l10n_util::GetStringFUTF16(IDS_SSL_NONOVERRIDABLE_MORE, url));
+    SSLErrorInfo::ErrorType type =
+        SSLErrorInfo::NetErrorToErrorType(cert_error_);
+    if (type == SSLErrorInfo::CERT_INVALID && SSLErrorClassification::
+        IsWindowsVersionSP3OrLower()) {
+      load_time_data.SetString(
+          "explanationParagraph",
+          l10n_util::GetStringFUTF16(
+              IDS_SSL_NONOVERRIDABLE_MORE_INVALID_SP3, url));
+    } else {
+      load_time_data.SetString("explanationParagraph",
+                               l10n_util::GetStringFUTF16(
+                                   IDS_SSL_NONOVERRIDABLE_MORE, url));
+    }
     load_time_data.SetString(
         "primaryButtonText",
         l10n_util::GetStringUTF16(IDS_SSL_NONOVERRIDABLE_RELOAD_BUTTON));
     // Customize the help link depending on the specific error type.
     // Only mark as HSTS if none of the more specific error types apply, and use
     // INVALID as a fallback if no other string is appropriate.
-    SSLErrorInfo::ErrorType type =
-        SSLErrorInfo::NetErrorToErrorType(cert_error_);
     load_time_data.SetInteger("errorType", type);
     int help_string = IDS_SSL_NONOVERRIDABLE_INVALID;
     switch (type) {

chrome/browser/ssl/ssl_error_classification.cc

@@ -16,6 +16,10 @@ using base::Time;
 using base::TimeTicks;
 using base::TimeDelta;
 
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
 namespace {
 
 // Events for UMA. Do not reorder or change!
@@ -116,6 +120,16 @@ bool SSLErrorClassification::IsUserClockInTheFuture(base::Time time_now) {
   return false;
 }
 
+bool SSLErrorClassification::IsWindowsVersionSP3OrLower() {
+#if defined(OS_WIN)
+  const base::win::OSInfo* os_info = base::win::OSInfo::GetInstance();
+  base::win::OSInfo::ServicePack service_pack = os_info->service_pack();
+  if (os_info->version() < base::win::VERSION_VISTA && service_pack.major < 3)
+    return true;
+#endif
+  return false;
+}
+
 void SSLErrorClassification::RecordUMAStatistics(bool overridable) {
   if (IsUserClockInThePast(base::Time::NowFromSystemTime()))
     RecordSSLInterstitialCause(overridable, CLOCK_PAST);

chrome/browser/ssl/ssl_error_classification.h

@@ -23,6 +23,8 @@ class SSLErrorClassification {
   // the user is using a version of Chrome which is more than 1 year old.
   static bool IsUserClockInTheFuture(base::Time time_now);
 
+  static bool IsWindowsVersionSP3OrLower();
+
   // A method which calculates the severity score when the ssl error is
   // CERT_DATE_INVALID.
   float InvalidDateSeverityScore() const;