Update CertVerifyProcIOS::GetCertFailureStatusFromTrust for iOS 12.0.

iOS 12.0 introduced "Unable to build chain to root certificate." error.
This error is mapped to CERT_STATUS_INVALID and CERT_STATUS_AUTHORITY_INVALID.

Bug: 843236, 852534
Cq-Include-Trybots: luci.chromium.try:ios-simulator-full-configs;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I90e4f9f97084c2ce06d4560b7e2d695f9b5454ae
Reviewed-on: https://chromium-review.googlesource.com/1094700
Commit-Queue: Justin Cohen <justincohen@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#567028}

net/cert/cert_verify_proc_ios.cc

@@ -205,6 +205,12 @@ CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
       CFBundleCopyLocalizedString(bundle, hostname_mismatch_string,
                                   hostname_mismatch_string,
                                   CFSTR("SecCertificate")));
+  CFStringRef root_certificate_string =
+      CFSTR("Unable to build chain to root certificate.");
+  ScopedCFTypeRef<CFStringRef> root_certificate_error(
+      CFBundleCopyLocalizedString(bundle, root_certificate_string,
+                                  root_certificate_string,
+                                  CFSTR("SecCertificate")));
   CFStringRef policy_requirements_not_met_string =
       CFSTR("Policy requirements not met.");
   ScopedCFTypeRef<CFStringRef> policy_requirements_not_met_error(
@@ -228,6 +234,8 @@ CertStatus CertVerifyProcIOS::GetCertFailureStatusFromTrust(SecTrustRef trust) {
       reason |= CERT_STATUS_COMMON_NAME_INVALID;
     } else if (CFEqual(error, policy_requirements_not_met_error)) {
       reason |= CERT_STATUS_INVALID | CERT_STATUS_AUTHORITY_INVALID;
+    } else if (CFEqual(error, root_certificate_error)) {
+      reason |= CERT_STATUS_AUTHORITY_INVALID;
     } else {
       reason |= CERT_STATUS_INVALID;
     }