Remove obsolete NSS version checks.

BUG=none

Review URL: https://codereview.chromium.org/141503002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@245646 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/chromeos/policy/policy_cert_verifier_browsertest.cc

@@ -173,10 +173,7 @@ TEST_F(PolicyCertVerifierTest, VerifyTrustedCert) {
 }
 
 TEST_F(PolicyCertVerifierTest, VerifyUsingAdditionalTrustAnchor) {
-  if (!SupportsAdditionalTrustAnchors()) {
-    LOG(INFO) << "Test skipped on this platform. NSS >= 3.14.2 required.";
-    return;
-  }
+  ASSERT_TRUE(SupportsAdditionalTrustAnchors());
 
   // |test_server_cert_| is untrusted, so Verify() fails.
   {

net/cert/cert_verify_proc_nss.cc

@@ -33,17 +33,6 @@
 #include "net/cert/x509_util_ios.h"
 #endif  // defined(OS_IOS)
 
-#define NSS_VERSION_NUM (NSS_VMAJOR * 10000 + NSS_VMINOR * 100 + NSS_VPATCH)
-#if NSS_VERSION_NUM < 31305
-// Added in NSS 3.13.5.
-#define SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED -8016
-#endif
-
-#if NSS_VERSION_NUM < 31402
-// Added in NSS 3.14.2.
-#define cert_pi_useOnlyTrustAnchors static_cast<CERTValParamInType>(14)
-#endif
-
 namespace net {
 
 namespace {
@@ -744,8 +733,7 @@ CertVerifyProcNSS::CertVerifyProcNSS() {}
 CertVerifyProcNSS::~CertVerifyProcNSS() {}
 
 bool CertVerifyProcNSS::SupportsAdditionalTrustAnchors() const {
-  // This requires APIs introduced in 3.14.2.
-  return NSS_VersionCheck("3.14.2");
+  return true;
 }
 
 int CertVerifyProcNSS::VerifyInternal(
@@ -801,7 +789,7 @@ int CertVerifyProcNSS::VerifyInternal(
     verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
 
   ScopedCERTCertList trust_anchors;
-  if (SupportsAdditionalTrustAnchors() && !additional_trust_anchors.empty()) {
+  if (!additional_trust_anchors.empty()) {
     trust_anchors.reset(
         CertificateListToCERTCertList(additional_trust_anchors));
   }

net/cert/nss_cert_database_unittest.cc

@@ -591,13 +591,6 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
 }
 
 TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
-  // When using CERT_PKIXVerifyCert (which we do), server trust only works from
-  // 3.13.4 onwards.  See https://bugzilla.mozilla.org/show_bug.cgi?id=647364.
-  if (!NSS_VersionCheck("3.13.4")) {
-    LOG(INFO) << "test skipped on NSS < 3.13.4";
-    return;
-  }
-
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("punycodetest.der", &certs));
 
@@ -666,12 +659,6 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
-  // Explicit distrust only works starting in NSS 3.13.
-  if (!NSS_VersionCheck("3.13")) {
-    LOG(INFO) << "test skipped on NSS < 3.13";
-    return;
-  }
-
   CertificateList ca_certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "root_ca_cert.pem",
       X509Certificate::FORMAT_AUTO);
@@ -760,12 +747,6 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
   EXPECT_EQ(OK, error);
   EXPECT_EQ(0U, verify_result.cert_status);
 
-  // Explicit distrust only works starting in NSS 3.13.
-  if (!NSS_VersionCheck("3.13")) {
-    LOG(INFO) << "test partially skipped on NSS < 3.13";
-    return;
-  }
-
   // Trust the root cert and distrust the intermediate.
   EXPECT_TRUE(cert_db_->SetCertTrust(
       ca_certs[0].get(), CA_CERT, NSSCertDatabase::TRUSTED_SSL));
@@ -929,12 +910,6 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
-  // Explicit distrust only works starting in NSS 3.13.
-  if (!NSS_VersionCheck("3.13")) {
-    LOG(INFO) << "test skipped on NSS < 3.13";
-    return;
-  }
-
   NSSCertDatabase::ImportCertFailureList failed;
 
   CertificateList ca_certs = CreateCertificateListFromFile(