Correctly handle SSL Client Authentication requests when connecting...

net/http/http_network_transaction.cc

Index: net/http/http_network_transaction.cc
===================================================================
--- net/http/http_network_transaction.cc	(revision 65205)
+++ net/http/http_network_transaction.cc	(working copy)
@@ -172,8 +172,8 @@
 
   ssl_config_.client_cert = client_cert;
   if (client_cert) {
-    session_->ssl_client_auth_cache()->Add(GetHostAndPort(request_->url),
-                                           client_cert);
+    session_->ssl_client_auth_cache()->Add(

[wtc, 2010/11/11 01:11:35]

Please DCHECK that response_.cert_request_info->host_and_port
and GetHostAndPort(request_->url) are equal.  Also at line
982 below.

[Ryan Hamilton, 2010/11/11 18:57:00]

I don't think this would be correct.  In the case of an HTTPS proxy, the
response_.cert_request_info->host_and_port would match the host and port of the
proxy, not of the request url.   I could DCHECK that it is either of those two
conditions though?

[wtc, 2010/11/12 00:12:55]

I see.  No need to add any DCHECK then.

+        response_.cert_request_info->host_and_port, client_cert);
   }
   ssl_config_.send_client_cert = true;
   // Reset the other member variables.
@@ -979,8 +979,8 @@
 
   // If the user selected one of the certificate in client_certs for this
   // server before, use it automatically.
-  X509Certificate* client_cert = session_->ssl_client_auth_cache()->
-                                 Lookup(GetHostAndPort(request_->url));
+  X509Certificate* client_cert = session_->ssl_client_auth_cache()->Lookup(
+      response_.cert_request_info->host_and_port);
   if (client_cert) {
     const std::vector<scoped_refptr<X509Certificate> >& client_certs =
         response_.cert_request_info->client_certs;