Fix imported server certs being distrusted in NSS 3.13.

chrome/browser/chromeos/cros/onc_network_parser.cc

Index: chrome/browser/chromeos/cros/onc_network_parser.cc
diff --git a/chrome/browser/chromeos/cros/onc_network_parser.cc b/chrome/browser/chromeos/cros/onc_network_parser.cc
index 8919b76e9f7a25b6a5e8c841ac2d6b46e8907ea8..076c80542d039d7fe240213104e883a68d8cb5e1 100644
--- a/chrome/browser/chromeos/cros/onc_network_parser.cc
+++ b/chrome/browser/chromeos/cros/onc_network_parser.cc
@@ -829,6 +829,8 @@ OncNetworkParser::ParseServerOrCaCertificate(
         return NULL;
       }
       if (trust_type == "Web") {
+        // "Web" implies that the certificate is to be trusted for HTTPS SSL

[wtc, 2012/05/30 00:19:24]

Nit: remove "HTTPS"?  Seems redundant with "SSL".

[mattm, 2012/05/30 22:40:58]

Done.

+        // identification.
         web_trust = true;
       } else {
         LOG(WARNING) << "ONC File: certificate contains unknown "
@@ -929,12 +931,12 @@ OncNetworkParser::ParseServerOrCaCertificate(
   cert_list.push_back(x509_cert);
   net::CertDatabase::ImportCertFailureList failures;
   bool success = false;
+  net::CertDatabase::TrustBits trust = web_trust ?
+                                       net::CertDatabase::TRUSTED_SSL :
+                                       net::CertDatabase::TRUST_DEFAULT;
   if (cert_type == "Server") {
-    success = cert_database.ImportServerCert(cert_list, &failures);
+    success = cert_database.ImportServerCert(cert_list, trust, &failures);
   } else {  // Authority cert
-    net::CertDatabase::TrustBits trust = web_trust ?
-                                         net::CertDatabase::TRUSTED_SSL :
-                                         net::CertDatabase::UNTRUSTED;
     success = cert_database.ImportCACerts(cert_list, trust, &failures);
   }
   if (!failures.empty()) {