Fix imported server certs being distrusted in NSS 3.13.

chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp

Index: chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
diff --git a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
index c161b65d8523ecddc748cce013d9c49a27638605..b2e30830d5686932863c6d5574aaa64b77672a62 100644
--- a/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
+++ b/chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp
@@ -40,6 +40,7 @@
 
 #include "chrome/third_party/mozilla_security_manager/nsNSSCertHelper.h"
 
+#include <certdb.h>
 #include <keyhi.h>
 #include <prprf.h>
 #include <unicode/uidna.h>
@@ -53,9 +54,16 @@
 #include "grit/generated_resources.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_util.h"
-#include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "ui/base/l10n/l10n_util.h"
 
+#if !defined(CERTDB_TERMINAL_RECORD)
+/* NSS 3.13 renames CERTDB_VALID_PEER to CERTDB_TERMINAL_RECORD
+ * and marks CERTDB_VALID_PEER as deprecated.
+ * If we're using an older version, rename it ourselves.
+ */
+#define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
+#endif
+
 namespace {
 
 std::string BMPtoUTF8(PRArenaPool* arena, unsigned char* data,
@@ -1038,12 +1046,11 @@ std::string ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo* spki) {
 }
 
 net::CertType GetCertType(CERTCertificate *cert) {
-  nsNSSCertTrust trust(cert->trust);
-  if (cert->nickname && trust.HasAnyUser())
+  if (cert->nickname && cert->trust->sslFlags & CERTDB_USER)
     return net::USER_CERT;
-  if (trust.HasAnyCA() || CERT_IsCACert(cert, NULL))
+  if (cert->trust->sslFlags & CERTDB_VALID_CA || CERT_IsCACert(cert, NULL))
     return net::CA_CERT;
-  if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
+  if (cert->trust->sslFlags & CERTDB_TERMINAL_RECORD)
     return net::SERVER_CERT;
   return net::UNKNOWN_CERT;
 }