Allow the constructed certificate chain to be returned in CertVerifyResult

net/base/x509_chain_mac.cc

Index: net/base/x509_chain_mac.cc
diff --git a/net/base/x509_chain_mac.cc b/net/base/x509_chain_mac.cc
index b1503f9faff66d19bd56305366d4caa71c4aebe9..b50cddabf31c28094566a5c26b41ea2f77793c58 100644
--- a/net/base/x509_chain_mac.cc
+++ b/net/base/x509_chain_mac.cc
@@ -290,6 +290,21 @@ int VerifySSLServer(X509Certificate* certificate, const std::string& hostname,
     return NetErrorFromOSStatus(status);
   scoped_cftyperef<CFArrayRef> scoped_completed_chain(completed_chain);
 
+  // Copy the certificate chain, regardless of the results, if requested.
+  if (flags & VERIFY_RETURN_CHAIN) {
+    X509Certificate::OSCertHandles intermediates;
+    for (CFIndex i = 1, count = CFArrayGetCount(completed_chain); i < count;
+         ++i) {
+      intermediates.push_back(reinterpret_cast<SecCertificateRef>(
+          const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, i))));
+    }
+
+    SecCertificateRef server_cert = reinterpret_cast<SecCertificateRef>(
+        const_cast<void*>(CFArrayGetValueAtIndex(completed_chain, 0)));
+    verify_result->certificate = X509Certificate::CreateFromHandle(
+        server_cert, intermediates);
+  }
+
   // Evaluate the results
   OSStatus cssm_result;
   bool got_certificate_error = false;