Include both certificate chains in invalid cert reporting

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 2877 matching lines @@
 bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   EnterFunction("");
   ssl_info->Reset();
   if (core_->state().server_cert_chain.empty() ||
       !core_->state().server_cert_chain[0]) {
     return false;
   }
 
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->cert = server_cert_verify_result_.verified_cert;
+  ssl_info->unverified_server_cert =
+      server_cert_verify_result_.unverified_server_cert;
 
   AddSCTInfoToSSLInfo(ssl_info);
 
   ssl_info->connection_status =
       core_->state().ssl_connection_status;
   ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
   ssl_info->is_issued_by_known_root =
       server_cert_verify_result_.is_issued_by_known_root;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
@@ skipping 553 matching lines @@
       reinterpret_cast<char*>(
           core_->state().server_cert_chain[0]->derCert.data),
       core_->state().server_cert_chain[0]->derCert.len);
   CertStatus cert_status;
   if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
     DCHECK(start_cert_verification_time_.is_null());
     VLOG(1) << "Received an expected bad cert with status: " << cert_status;
     server_cert_verify_result_.Reset();
     server_cert_verify_result_.cert_status = cert_status;
     server_cert_verify_result_.verified_cert = core_->state().server_cert;
+    server_cert_verify_result_.unverified_server_cert =
+        core_->state().server_cert;
     return OK;
   }
 
   // We may have failed to create X509Certificate object if we are
   // running inside sandbox.
   if (!core_->state().server_cert.get()) {
     server_cert_verify_result_.Reset();
     server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
     return ERR_CERT_INVALID;
   }
@@ skipping 144 matching lines @@
   }
   for (ct::SCTList::const_iterator iter =
        ct_verify_result_.unknown_logs_scts.begin();
        iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
     ssl_info->signed_certificate_timestamps.push_back(
         SignedCertificateTimestampAndStatus(*iter,
                                             ct::SCT_STATUS_LOG_UNKNOWN));
   }
 }
 
-scoped_refptr<X509Certificate>
-SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
-  return core_->state().server_cert.get();
-}
-
 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
   return channel_id_service_;
 }
 
 }  // namespace net