Misc changes to cert_verify_tool for errors

net/tools/cert_verify_tool/verify_using_path_builder.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/tools/cert_verify_tool/verify_using_path_builder.h"
 
 #include <iostream>
 
 #include "base/memory/ptr_util.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 100 matching lines @@
   if (!net::ParseNameValue(trust_anchor->normalized_subject(), &parsed_subject))
     return std::string();
   return SubjectToString(parsed_subject);
 }
 
 void PrintCertErrors(const net::CertErrors& errors) {
   // TODO(crbug.com/634443): Include more detailed error information. Also this
   // should likely be extracted to a common location and used by unit-tests and
   // other debugging needs.
   for (const auto& error : errors.errors()) {
-    std::cout << " " << error.type;
+    std::cout << " " << error.type << "\n";
   }
 }
 
 // Dumps a ResultPath to std::cout.
 void PrintResultPath(const net::CertPathBuilder::ResultPath* result_path,
                      size_t index,
                      bool is_best) {
   std::cout << "path " << index << " "
             << (result_path->valid ? "valid" : "invalid")
             << (is_best ? " (best)" : "") << "\n";
@@ skipping 10 matching lines @@
     std::string trust_anchor_cert_fingerprint = "<no cert>";
     if (trust_anchor->cert()) {
       trust_anchor_cert_fingerprint =
           FingerPrintParsedCertificate(trust_anchor->cert().get());
     }
     std::cout << " " << trust_anchor_cert_fingerprint << " "
               << SubjectFromTrustAnchor(trust_anchor.get()) << "\n";
   }
 
   // Print the errors.
-  if (result_path->errors.errors().empty()) {
+  if (!result_path->errors.errors().empty()) {

[eroman, 2016/09/02 21:32:28]

Oops!

Clearly I didn't even test this when I wrote it earlier :(

     std::cout << "Errors:\n";
     PrintCertErrors(result_path->errors);
   }
 }
 
 }  // namespace
 
 // Verifies |target_der_cert| using CertPathBuilder.
 bool VerifyUsingPathBuilder(
     const CertInput& target_der_cert,
     const std::vector<CertInput>& intermediate_der_certs,
     const std::vector<CertInput>& root_der_certs,
     const base::Time at_time,
     const base::FilePath& dump_prefix_path) {
-  std::cout << "NOTE: CertPathBuilder does not currently use OS trust settings "
-               "(--roots must be specified).\n";
-  std::cerr << "WARNING: --hostname is not yet verified with CertPathBuilder\n";
-
   base::Time::Exploded exploded_time;
   at_time.UTCExplode(&exploded_time);
   net::der::GeneralizedTime time = ConvertExplodedTime(exploded_time);
 
   net::TrustStoreInMemory trust_store;
   for (const auto& der_cert : root_der_certs) {
     scoped_refptr<net::ParsedCertificate> cert =
         net::ParsedCertificate::CreateFromCertificateCopy(der_cert.der_cert,
                                                           {});
     if (!cert)
@@ skipping 72 matching lines @@
     if (!DumpParsedCertificateChain(
             dump_prefix_path.AddExtension(
                 FILE_PATH_LITERAL(".CertPathBuilder.pem")),
             result.paths[result.best_result_index]->path)) {
       return false;
     }
   }
 
   return result.HasValidPath();
 }