NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

net/cert/cert_verify_proc.cc

Index: net/cert/cert_verify_proc.cc
diff --git a/net/cert/cert_verify_proc.cc b/net/cert/cert_verify_proc.cc
index 798d90203663b9796bd93d4e25290b13dcc9632a..67566edef8e80cf4d5aa95db226a62b8e87dd406 100644
--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -18,7 +18,9 @@
 #include "net/cert/x509_certificate.h"
 #include "url/url_canon.h"
 
-#if defined(USE_NSS) || defined(OS_IOS)
+#if defined(OS_CHROMEOS)
+#include "net/cert/cert_verify_proc_chromeos.h"
+#elif defined(USE_NSS) || defined(OS_IOS)
 #include "net/cert/cert_verify_proc_nss.h"
 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
 #include "net/cert/cert_verify_proc_openssl.h"
@@ -165,7 +167,10 @@ bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert,
 
 // static
 CertVerifyProc* CertVerifyProc::CreateDefault() {
-#if defined(USE_NSS) || defined(OS_IOS)
+#if defined(OS_CHROMEOS)
+  // Creates a CertVerifyProc that doesn't allow any profile-provided certs.
+  return new CertVerifyProcChromeOS();
+#elif defined(USE_NSS) || defined(OS_IOS)
   return new CertVerifyProcNSS();
 #elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
   return new CertVerifyProcOpenSSL();