Update some documentation for CertVerifyResult::verified_cert

net/cert/cert_verify_proc.h

Index: net/cert/cert_verify_proc.h
diff --git a/net/cert/cert_verify_proc.h b/net/cert/cert_verify_proc.h
index 5befe2418fe25fdabf233521fb2cbcd7ea9dd5be..81cebd6b5e1fa133c1abc37b7c3a3882d28d4a1d 100644
--- a/net/cert/cert_verify_proc.h
+++ b/net/cert/cert_verify_proc.h
@@ -89,9 +89,17 @@ class NET_EXPORT CertVerifyProc
                            VerifyRejectsSHA1AfterDeprecationLegacyMode);
 
   // Performs the actual verification using the desired underlying
-  // cryptographic library. On entry, |verify_result->verified_cert|
-  // is set to |cert|, the unverified chain. If no chain is built, the
-  // value must be left untouched.
+  //
+  // On entry, |verify_result| will be default-initialized as a successful
+  // validation, with |verify_result->verified_cert| set to |cert|.
+  //
+  // Implementations are expected to fill in all applicable fields, excluding
+  // |ocsp_result|, which will be filled in by |Verify()|. If an error code is
+  // returned, |verify_result->cert_status| should be non-zero, indicating an
+  // error occurred.
+  //
+  // On success, net::OK should be returned, with |verify_result| updated to
+  // reflect the successfully verified chain.
   virtual int VerifyInternal(X509Certificate* cert,
                              const std::string& hostname,
                              const std::string& ocsp_response,