Work around GTE CyberTrust/Baltimore CyberTrust cross-signing issues

net/data/ssl/certificates/README

Index: net/data/ssl/certificates/README
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README
index e4e7e6498a3d025c681d296b95b2c3ff7558c941..8f9e4a7b3e23e9da80741bf11df295c58146a420 100644
--- a/net/data/ssl/certificates/README
+++ b/net/data/ssl/certificates/README
@@ -193,3 +193,18 @@ unit tests.
      containing the intermediate, which can be served via a URLRequestFilter.
      aia-intermediate.der is stored in DER form for convenience, since that is
      the form expected of certificates discovered via AIA.
+
+- cybertrust_gte_root.pem
+- cybertrust_baltimore_root.pem
+- cybertrust_omniroot_chain.pem
+- cybertrust_baltimore_cross_certified_1.pem
+- cybertrust_baltimore_cross_certified_2.pem
+     These certificates are reflect a portion of the CyberTrust (Verizon
+     Business) CA hierarchy. _gte_root.pem is a legacy 1024-bit root that is
+     still widely supported, while _baltimore_root.pem reflects the newer
+     2048-bit root. For clients that only support the GTE root, two versions
+     of the Baltimore root were cross-signed by GTE, namely
+     _cross_certified_[1,2].pem. _omniroot_chain.pem contains a certificate
+     chain that was issued under the Baltimore root. Combined, these
+     certificates can be used to test real-world cross-signing; in practice,
+     they are used to test certain workarounds for OS X's chain building code.