error: add is_fatal helper, use in verify_cert

This commit adds a method to `Error` for testing whether an error should
be considered fatal, e.g. should stop any further path building
progress. The existing consideration of fatal errors in
`loop_while_non_fatal_error` is updated to use the `is_fatal` fn.

Having this in a central place means we can avoid duplicating the match
arms in multiple places, where they are likely to fall out-of-sync.

Author: cpu

src/error.rs

@@ -115,6 +115,20 @@ pub enum Error {
     UnsupportedSignatureAlgorithmForPublicKey,
 }
 
+impl Error {
+    /// Returns true for errors that should be considered fatal during path building. Errors of
+    /// this class should halt any further path building and be returned immediately.
+    #[inline]
+    pub(crate) fn is_fatal(&self) -> bool {
+        matches!(
+            self,
+            Error::MaximumSignatureChecksExceeded
+                | Error::MaximumPathBuildCallsExceeded
+                | Error::MaximumNameConstraintComparisonsExceeded
+        )
+    }
+}
+
 impl fmt::Display for Error {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         write!(f, "{:?}", self)

src/verify_cert.rs

@@ -464,9 +464,9 @@ where
         // If the error is not fatal, then keep going.
         match f(v) {
             Ok(()) => return Ok(()),
-            err @ Err(Error::MaximumSignatureChecksExceeded)
-            | err @ Err(Error::MaximumPathBuildCallsExceeded)
-            | err @ Err(Error::MaximumNameConstraintComparisonsExceeded) => return err,
+            // Fatal errors should halt further looping.
+            res @ Err(err) if err.is_fatal() => return res,
+            // Non-fatal errors should allow looping to continue.
             _ => {}
         }
     }