Fix imported server certs being distrusted in NSS 3.13.

net/base/cert_database.h

Index: net/base/cert_database.h
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 2e95624c911c1d070f6d4d1df65a6d93fbdc9e13..51a168175a3da4ccf621642dd35c3cd913203a07 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -80,14 +80,18 @@ class NET_EXPORT CertDatabase {
   // trusted as a server.
   // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
   // trusted for email.
+  // For non-root certs, TRUST_TERMINAL_RECORD specifies that the cert should
+  // not inherit trust from the issuer cert chain, and the cert will be trusted
+  // or not based only on which TRUSTED_* flags are set.
   // NOTE: The actual constants are defined using an enum instead of static
   // consts due to compilation/linkage constraints with template functions.
   typedef uint32 TrustBits;
   enum {
-    UNTRUSTED        =      0,
-    TRUSTED_SSL      = 1 << 0,
-    TRUSTED_EMAIL    = 1 << 1,
-    TRUSTED_OBJ_SIGN = 1 << 2,
+    UNTRUSTED             =      0,
+    TRUSTED_SSL           = 1 << 0,
+    TRUSTED_EMAIL         = 1 << 1,
+    TRUSTED_OBJ_SIGN      = 1 << 2,
+    EXPLICIT_DISTRUST     = 1 << 3,
   };
 
   CertDatabase();
@@ -101,7 +105,7 @@ class NET_EXPORT CertDatabase {
   // the platform cert database, or possibly other network error codes.
   int AddUserCert(X509Certificate* cert);
 
-#if defined(USE_NSS) || defined(USE_OPENSSL)
+#if defined(USE_NSS)
   // Get a list of unique certificates in the certificate database (one
   // instance of all certificates).
   void ListCerts(CertificateList* certs);
@@ -162,6 +166,7 @@ class NET_EXPORT CertDatabase {
   // |not_imported| should be checked for any certificates that were not
   // imported.
   bool ImportServerCert(const CertificateList& certificates,
+                        TrustBits trust_bits,
                         ImportCertFailureList* not_imported);
 
   // Get trust bits for certificate.