Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying certificates.
The underlying platform verifiers don't do this, which can lead to
confusion when trying to enforce policy for SHA1 on the verified chain.
* If the two signature algorithms don't match will fail with
ERR_INVALID_CERT.
* If the chain contains a signature algorithm that we don't know how to
parse, will also fail with ERR_INVALID_CERT
BUG=690821
Review-Url: https://codereview.chromium.org/2731603002
Cr-Commit-Position: refs/heads/master@{#455682}
(cherry picked from commit a77953fe670968fe6728796b77cedf48f0954d78)
Review-Url: https://codereview.chromium.org/2750723002 .
Cr-Commit-Position: refs/branch-heads/3029@{#166}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
14 files changed
