Add an out parameter to VerifyCertificateChain for retrieving the trusted chain.

net/cert/internal/verify_certificate_chain_unittest.cc

Index: net/cert/internal/verify_certificate_chain_unittest.cc
diff --git a/net/cert/internal/verify_certificate_chain_unittest.cc b/net/cert/internal/verify_certificate_chain_unittest.cc
index 11323f8bc75035078fa0f18810c310ef942b5e02..fad5df41fa8d303c8811a20b08a4a3d8a3e0b371 100644
--- a/net/cert/internal/verify_certificate_chain_unittest.cc
+++ b/net/cert/internal/verify_certificate_chain_unittest.cc
@@ -114,8 +114,8 @@ void RunTest(const char* file_name) {
 
   SimpleSignaturePolicy signature_policy(1024);
 
-  bool result =
-      VerifyCertificateChain(input_chain, trust_store, &signature_policy, time);
+  bool result = VerifyCertificateChain(input_chain, trust_store,

[eroman, 2016/06/16 22:11:36]

Please add some form of verification of the out parameter.

Basically it should be one longer than |input_chain|, match on all those
elements, and then the last element should be the trusted certificate in
trust_store.

Can check the last one by using
TrustStore::IsTrustedCertificate(built_chain.back()) or something like that.

[ryanchung, 2016/06/16 22:47:08]

Done.

+                                       &signature_policy, time, nullptr);
 
   ASSERT_EQ(expected_result, result);
 }
@@ -235,8 +235,8 @@ TEST(VerifyCertificateChainTest, EmptyChainIsInvalid) {
   std::vector<scoped_refptr<ParsedCertificate>> chain;
   SimpleSignaturePolicy signature_policy(2048);
 
-  ASSERT_FALSE(
-      VerifyCertificateChain(chain, trust_store, &signature_policy, time));
+  ASSERT_FALSE(VerifyCertificateChain(chain, trust_store, &signature_policy,
+                                      time, nullptr));
 }
 
 // TODO(eroman): Add test that invalidate validity dates where the day or month