Allow the constructed certificate chain to be returned in CertVerifyResult

net/base/x509_chain_win.cc

Index: net/base/x509_chain_win.cc
diff --git a/net/base/x509_chain_win.cc b/net/base/x509_chain_win.cc
index 49ddc3f6908e4976986ca125c533bb707ac00061..468bfc0b0ba0db4f54072554ab774d55ee8f285c 100644
--- a/net/base/x509_chain_win.cc
+++ b/net/base/x509_chain_win.cc
@@ -257,7 +257,8 @@ bool CertSubjectCommonNameHasNull(PCCERT_CONTEXT cert) {
 // Saves some information about the certificate chain chain_context in
 // *verify_result.  The caller MUST initialize *verify_result before calling
 // this function.
-void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,
+void GetCertChainInfo(int flags,
+                      PCCERT_CHAIN_CONTEXT chain_context,
                       CertVerifyResult* verify_result) {
   PCERT_SIMPLE_CHAIN first_chain = chain_context->rgpChain[0];
   int num_elements = first_chain->cElement;
@@ -285,6 +286,18 @@ void GetCertChainInfo(PCCERT_CHAIN_CONTEXT chain_context,
       verify_result->has_md4 = true;
     }
   }
+
+  bool return_chain = !!(flags & x509_chain::VERIFY_RETURN_CHAIN);
+  X509Certificate::OSCertHandles intermediates;
+  for (int i = 1; return_chain && i < num_elements; ++i) {
+    PCCERT_CONTEXT cert = element[i]->pCertContext;
+    intermediates.push_back(cert);
+  }
+
+  if (return_chain && num_elements > 0) {
+    verify_result->certificate = X509Certificate::CreateFromHandle(
+        element[0]->pCertContext, intermediates);
+  }
 }
 
 ///////////////////////////////////////////////////////////////////////////
@@ -486,7 +499,7 @@ int VerifySSLServer(X509Certificate* certificate, const std::string& hostname,
   X509Certificate::FreeOSCertListHandle(cert_list);
   ScopedCertChainContext scoped_chain_context(chain_context);
 
-  GetCertChainInfo(chain_context, verify_result);
+  GetCertChainInfo(flags, chain_context, verify_result);
 
   verify_result->cert_status |= MapCertChainErrorStatusToCertStatus(
       chain_context->TrustStatus.dwErrorStatus);