Add new certificateProvider extension API.

net/tools/testserver/testserver.py

Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index c861feeef9cb2848909c1acb5c74b58023021a6c..27b934cad8124a619a73e3185418ff6a096fdd1d 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -337,6 +337,7 @@ class TestPageHandler(testserver_base.BasePageHandler):
       self.GetSSLSessionCacheHandler,
       self.SSLManySmallRecords,
       self.GetChannelID,
+      self.GetClientCert,
       self.ClientCipherListHandler,
       self.CloseSocketHandler,
       self.RangeResetHandler,
@@ -1530,6 +1531,23 @@ class TestPageHandler(testserver_base.BasePageHandler):
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True
 
+  def GetClientCert(self):
+    """Send a reply containing the client certificate that the client provided."""
+
+    if not self._ShouldHandleRequest('/client-cert'):
+      return False
+
+    self.send_response(200)
+    self.send_header('Content-Type', 'text/plain')
+    self.end_headers()
+
+    cert_present = self.server.tlsConnection.session.clientCertChain != None
+    if cert_present:
+      self.wfile.write('got a client cert')
+    else:
+      self.wfile.write('got no client cert')
+    return True
+
   def ClientCipherListHandler(self):
     """Send a reply containing the cipher suite list that the client
     provided. Each cipher suite value is serialized in decimal, followed by a