Description
Revert of Distrust publicly trusted SHA-1 certs (patchset #1 id:1 of https://codereview.chromium.org/2483783003/ )
Reason for revert:
CertVerifyProcTest.RejectsPublicSHA1IntermediatesUnlessAllowed failing in net_unittests on Windows-10
Findit helped narrow:
https://findit-for-me.appspot.com/waterfall/build-failure?url=https://build.chromium.org/p/chromium.win/builders/Win10%20Tests%20x64/builds/5825
Reliable failure:
https://chromium-swarm.appspot.com/user/task/325ecf51e2458510
"""
[ RUN ] CertVerifyProcTest.RejectsPublicSHA1IntermediatesUnlessAllowed
c:\b\c\b\win\src\net\cert\cert_verify_proc_unittest.cc(1625): error: Value of: error
Expected: net::OK
Actual: -213, net::ERR_CERT_VALIDITY_TOO_LONG
[ FAILED ] CertVerifyProcTest.RejectsPublicSHA1IntermediatesUnlessAllowed (5 ms)
"""
Original issue's description:
> Distrust publicly trusted SHA-1 certs
>
> Reject all publicly trusted SHA-1 certificates, as announced
> September 2014 at
> https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
> and
> https://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html
>
> To avoid too much disruption, enterprise SHA-1
> is still allowed for M56; in M57, it will be
> disabled unless the EnableSha1ForLocalAnchors policy is
> set, as described at
> https://www.chromium.org/Home/chromium-security/education/tls/sha-1
>
> As with other TLS deprecations, an emergency 'undeprecate'
> switch is kept around in the event of unexpected breakage,
> to allow rapid reverting to the previous behaviour.
>
> BUG=653691
>
> Committed: https://crrev.com/a6bdfc7c128e0e51b3717c52c113d8dcff30bcb9
> Cr-Commit-Position: refs/heads/master@{#430674}
TBR=davidben@chromium.org,rsleevi@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=653691
Committed: https://crrev.com/72d496d755369eb7f930fccb2389381425f316f6
Cr-Commit-Position: refs/heads/master@{#430795}