The net::CertTrustAnchorProvider is an abstraction to support ChromeOS trust anchor providers. However, if net::CertVerifier took an input of trust anchors (e.g. as part of a CertVerifier::RequestParams), we could remove that interface and leave it entirely up to the higher //chrome code to compose, by supplying the trust anchor certs in the Verify() call.

e.g.
PolicyCertVerifier::Verify(const CertVerifier::RequestParams& params, ...) {
  CertVerifier::RequestParams local_request(params);
  local_request.SetTrustAnchors(GetAdditionalTrustAnchors());

  verifier_->Verify(local_request, ...);
}

PolicyCertVerifier::GetAdditionalTrustAnchors() {
  .. What it does today
}


Basically, get rid of the entire concept of net::CertTrustAnchorProvider, which is weird.