Remove the fingerprint and ca_fingerprint from X509Certificate

ios/web/net/cert_policy.cc

Index: ios/web/net/cert_policy.cc
diff --git a/ios/web/net/cert_policy.cc b/ios/web/net/cert_policy.cc
index 46d5699de3f00d046137741edd53f924d5614ae6..5855f97b39128df06de3aa48e3c88d2a424d5541 100644
--- a/ios/web/net/cert_policy.cc
+++ b/ios/web/net/cert_policy.cc
@@ -19,10 +19,9 @@ CertPolicy::~CertPolicy() {
 // |error| is an exact match to or subset of the errors in the saved CertStatus.
 CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
                                        net::CertStatus error) const {
-  std::map<net::SHA1HashValue,
-           net::CertStatus,
-           net::SHA1HashValueLessThan>::const_iterator allowed_iter =
-      allowed_.find(cert->fingerprint());
+  auto allowed_iter =
+      allowed_.find(net::X509Certificate::CalculateChainFingerprint256(
+          cert->os_cert_handle(), cert->GetIntermediateCertificates()));
   if ((allowed_iter != allowed_.end()) && (allowed_iter->second & error) &&
       !(~(allowed_iter->second & error) ^ ~error)) {
     return ALLOWED;
@@ -33,7 +32,8 @@ CertPolicy::Judgment CertPolicy::Check(net::X509Certificate* cert,
 void CertPolicy::Allow(net::X509Certificate* cert, net::CertStatus error) {
   // If this same cert had already been saved with a different error status,
   // this will replace it with the new error status.
-  allowed_[cert->fingerprint()] = error;
+  allowed_[net::X509Certificate::CalculateChainFingerprint256(
+      cert->os_cert_handle(), cert->GetIntermediateCertificates())] = error;
 }
 
 }  // namespace web