Add errors per ResultPath for CertPathBuilder.

components/cast_certificate/cast_crl.cc

Index: components/cast_certificate/cast_crl.cc
diff --git a/components/cast_certificate/cast_crl.cc b/components/cast_certificate/cast_crl.cc
index c1b15be848ae19223bd12cad6e2318334132d4f6..600b5efd4aec3998470b4c896dee55ffd18ca6c1 100644
--- a/components/cast_certificate/cast_crl.cc
+++ b/components/cast_certificate/cast_crl.cc
@@ -145,9 +145,9 @@ bool VerifyCRL(const Crl& crl,
                                     &result);
   net::CompletionStatus rv = path_builder.Run(base::Closure());
   DCHECK_EQ(rv, net::CompletionStatus::SYNC);
-  if (!result.is_success() || result.paths.empty() ||
-      !result.paths[result.best_result_index]->is_success()) {
+  if (!result.HasValidPath()) {
     VLOG(2) << "CRL - Issuer certificate verification failed.";
+    // TODO(crbug.com/634443): Log the error information.
     return false;
   }
   // There are no requirements placed on the leaf certificate having any
@@ -174,7 +174,7 @@ bool VerifyCRL(const Crl& crl,
   // "expiration" of the trust anchor is handled instead by its
   // presence in the trust store.
   *overall_not_after = not_after;
-  for (const auto& cert : result.paths[result.best_result_index]->path.certs) {
+  for (const auto& cert : result.GetBestValidPath()->path.certs) {
     net::der::GeneralizedTime cert_not_after = cert->tbs().validity_not_after;
     if (cert_not_after < *overall_not_after)
       *overall_not_after = cert_not_after;