Mac client-side SSL cert improvements.

net/base/x509_certificate.h

Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index b9a39956f64edaa821d19e29db3c2bb1b6094480..fbe486581ff20d807fe606477297b77141554861 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -225,15 +225,20 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
 #endif
 
 #if defined(OS_MACOSX)
+  // Does this certificate's usage allow SSL client authentication?
+  bool SupportsSSLClientAuth() const;
+
   // Creates a security policy for SSL client certificates.
   static OSStatus CreateSSLClientPolicy(SecPolicyRef* outPolicy);
 
   // Adds all available SSL client identity certs to the given vector.
+  // |domain| is a hint for which domain the cert is to be used for.
   static bool GetSSLClientCertificates(
+      std::string domain,

[wtc, 2010/02/24 01:44:51]

Nit: this input parameter should be const std::string&

It's not obvious why the domain matters to SSL client auth.
The name of that argument should contain "server", and
you should explain that it is for looking up the preferred
identity for that server.

       std::vector<scoped_refptr<X509Certificate> >* certs);
 
   // Creates the chain of certs to use for this client identity cert.
-  CFArrayRef CreateClientCertificateChain();
+  CFArrayRef CreateClientCertificateChain() const;
 #endif
 
   // Verifies the certificate against the given hostname.  Returns OK if