Use sidestep to detour CertVerifyCertificateSignatureEx on Windows versions earlier than Vista (excluding XP SP3), adding in SHA-256 support by deferring to NSS.

The canonical path to supporting SHA-256 is to install XP SP3 or the appropriate hotfixes for XP x64 / Windows Server 2003. However, as not all users may do so, and there's enough of a usability hurdle, provide an interception hook until we fully drop support for these systems.

XP is already outside of MSFT EOL (April 2014). Windows Server 2003 is EOL'd July 2015.

BUG=401365

Review URL: https://codereview.chromium.org/561613002

Cr-Commit-Position: refs/heads/master@{#296335}
7 files changed