Implement GetChain for OpenSSLCertificate.

rtc_base/opensslstreamadapter.cc

Index: rtc_base/opensslstreamadapter.cc
diff --git a/rtc_base/opensslstreamadapter.cc b/rtc_base/opensslstreamadapter.cc
index 6fad7f9d488a69ea40fab6926ac19a5cc79f423e..1a6aa8a0526d7522de9144f776ec5443572d0c38 100644
--- a/rtc_base/opensslstreamadapter.cc
+++ b/rtc_base/opensslstreamadapter.cc
@@ -38,6 +38,7 @@
 
 namespace {
   bool g_use_time_callback_for_testing = false;
+  const int kMaxSupportedCertChainDepth = 3;
 }
 
 namespace rtc {
@@ -1112,18 +1113,16 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
   // For now we ignore the parent certificates and verify the leaf against
   // the digest.
   //
-  // TODO(jiayl): Verify the chain is a proper chain and report the chain to
-  // |stream->peer_certificate_|.
-  if (depth > 0) {
-    LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
-    return 1;
-  }
 
   OpenSSLStreamAdapter* stream =
       reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
 
-  // Record the peer's certificate.
-  stream->peer_certificate_.reset(new OpenSSLCertificate(cert));
+  STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store);
+  if (sk_X509_num(chain) >= kMaxSupportedCertChainDepth) {
+    LOG(LS_INFO) << "Ignore chained certificate at depth " << depth;
+    return 1;
+  }
+  stream->peer_certificate_.reset(new OpenSSLCertificate(chain));
 
   // If the peer certificate digest isn't known yet, we'll wait to verify
   // until it's known, and for now just return a success status.