The HashValueVector returned from certificate validation is currently unsorted and reflects the order in which the certificate chain was walked. However, as more features rely on the HashValueVector and determining if it contains or doesn't contain a particular hash - whether for HPKP policies, CT policies, or CA restrictions - it seems to make sense to make the API contract such that a CertVerifyResult's HashValueVector is always sorted in a defined sort order, so that it can be quickly searched for specific values, or iterated efficiently in parallel with other HashValue-based policies.

While the contents of this vector are small (<10 items), the number of O(N^2) algorithms being deployed to compare against it may justify the sort cost.