Fix imported server certs being distrusted in NSS 3.13.

chrome/common/net/x509_certificate_model_unittest.cc

Index: chrome/common/net/x509_certificate_model_unittest.cc
diff --git a/chrome/common/net/x509_certificate_model_unittest.cc b/chrome/common/net/x509_certificate_model_unittest.cc
index 233475e213d697e5f00751c4a4c94e7f830191fd..1f841e62a471146c9cf84b8a4e2c59c96d70e8ed 100644
--- a/chrome/common/net/x509_certificate_model_unittest.cc
+++ b/chrome/common/net/x509_certificate_model_unittest.cc
@@ -28,13 +28,8 @@ TEST(X509CertificateModelTest, GetTypeCA) {
   // Test that explicitly distrusted CA certs are still returned as CA_CERT
   // type. See http://crbug.com/96654.
   net::CertDatabase cert_db;
-  // TODO(mattm): This depends on the implementation details of SetCertTrust
-  // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly
-  // distrusted (trust set to CERTDB_TERMINAL_RECORD). See
-  // http://crbug.com/116411.  When I fix that bug I'll also add a way to set
-  // this directly.
-  EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
-                                   net::CertDatabase::UNTRUSTED));
+  EXPECT_TRUE(cert_db.SetCertTrust(cert, net::CA_CERT,
+                                   net::CertDatabase::DISTRUSTED_SSL));
 
   EXPECT_EQ(net::CA_CERT,
             x509_certificate_model::GetType(cert->os_cert_handle()));
@@ -52,20 +47,24 @@ TEST(X509CertificateModelTest, GetTypeServer) {
   EXPECT_EQ(net::UNKNOWN_CERT,
             x509_certificate_model::GetType(cert->os_cert_handle()));
 #else
+  // Test GetCertType with server certs and default trust.  Currently this

[wtc, 2012/05/22 00:28:39]

In these comments, "GetCertType" is a little confusing because
the test calls x509_certificate_model::GetType.  It may be
clearer to fully qualify GetCertType in the comments.

[mattm, 2012/05/26 03:41:35]

Done.

+  // doesn't work.
   // TODO(mattm): make GetCertType smarter so we can tell server certs even if
   // they have no trust bits set.
   EXPECT_EQ(net::UNKNOWN_CERT,
             x509_certificate_model::GetType(cert->os_cert_handle()));
 
   net::CertDatabase cert_db;
+  // Test GetCertType with server certs and explicit trust.
   EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
                                    net::CertDatabase::TRUSTED_SSL));
 
   EXPECT_EQ(net::SERVER_CERT,
             x509_certificate_model::GetType(cert->os_cert_handle()));
 
+  // Test GetCertType with server certs and explicit distrust.
   EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,
-                                   net::CertDatabase::UNTRUSTED));
+                                   net::CertDatabase::DISTRUSTED_SSL));
 
   EXPECT_EQ(net::SERVER_CERT,
             x509_certificate_model::GetType(cert->os_cert_handle()));