Add CertErrors* parameter to the main Certificate parsing functions.

net/cert/internal/parse_certificate.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 #define NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_
 
 #include <stdint.h>
 
 #include <map>
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "net/base/net_export.h"
 #include "net/der/input.h"
 #include "net/der/parse_values.h"
 
 namespace net {
 
+class CertErrors;
 struct ParsedTbsCertificate;
 
 // Returns true if the given serial number (CertificateSerialNumber in RFC 5280)
 // is valid:
 //
 //    CertificateSerialNumber  ::=  INTEGER
 //
 // The input to this function is the (unverified) value octets of the INTEGER.
 // This function will verify that:
 //
@@ skipping 18 matching lines @@
 
 struct NET_EXPORT ParseCertificateOptions {
   // If set to true, then parsing will skip checks on the certificate's serial
   // number. The only requirement will be that the serial number is an INTEGER,
   // however it is not required to be a valid DER-encoding (i.e. minimal
   // encoding), nor is it required to be constrained to any particular length.
   bool allow_invalid_serial_numbers = false;
 };
 
 // Parses a DER-encoded "Certificate" as specified by RFC 5280. Returns true on
-// success and sets the results in the |out_*| parameters.
+// success and sets the results in the |out_*| parameters. On both the failure
+// and success case, if |out_errors| was non-null it may contain extra error
+// information.
 //
 // Note that on success the out parameters alias data from the input
 // |certificate_tlv|.  Hence the output values are only valid as long as
 // |certificate_tlv| remains valid.
 //
-// On failure the out parameters have an undefined state. Some of them may have
-// been updated during parsing, whereas others may not have been changed.
+// On failure the out parameters have an undefined state, except for
+// out_errors. Some of them may have been updated during parsing, whereas
+// others may not have been changed.
 //
 // The out parameters represent each field of the Certificate SEQUENCE:
 //       Certificate  ::=  SEQUENCE  {
 //
 // The |out_tbs_certificate_tlv| parameter corresponds with "tbsCertificate"
 // from RFC 5280:
 //         tbsCertificate       TBSCertificate,
 //
 // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
 // guarantees are made regarding the value of this SEQUENCE.
 // This can be further parsed using ParseTbsCertificate().
 //
 // The |out_signature_algorithm_tlv| parameter corresponds with
 // "signatureAlgorithm" from RFC 5280:
 //         signatureAlgorithm   AlgorithmIdentifier,
 //
 // This contains the full (unverified) Tag-Length-Value for a SEQUENCE. No
 // guarantees are made regarding the value of this SEQUENCE.
 // This can be further parsed using SignatureValue::CreateFromDer().
 //
 // The |out_signature_value| parameter corresponds with "signatureValue" from
 // RFC 5280:
 //         signatureValue       BIT STRING  }
 //
 // Parsing guarantees that this is a valid BIT STRING.
 NET_EXPORT bool ParseCertificate(const der::Input& certificate_tlv,
                                  der::Input* out_tbs_certificate_tlv,
                                  der::Input* out_signature_algorithm_tlv,
-                                 der::BitString* out_signature_value)
-    WARN_UNUSED_RESULT;
+                                 der::BitString* out_signature_value,
+                                 CertErrors* out_errors) WARN_UNUSED_RESULT;
 
 // Parses a DER-encoded "TBSCertificate" as specified by RFC 5280. Returns true
 // on success and sets the results in |out|. Certain invalid inputs may
 // be accepted based on the provided |options|.
 //
 // Note that on success |out| aliases data from the input |tbs_tlv|.
 // Hence the fields of the ParsedTbsCertificate are only valid as long as
 // |tbs_tlv| remains valid.
 //
 // On failure |out| has an undefined state. Some of its fields may have been
@@ skipping 340 matching lines @@
 // accessLocation types other than uniformResourceIdentifier are silently
 // ignored.
 NET_EXPORT bool ParseAuthorityInfoAccess(
     const der::Input& authority_info_access_tlv,
     std::vector<base::StringPiece>* out_ca_issuers_uris,
     std::vector<base::StringPiece>* out_ocsp_uris) WARN_UNUSED_RESULT;
 
 }  // namespace net
 
 #endif  // NET_CERT_INTERNAL_PARSE_CERTIFICATE_H_