net/testserver.py: Add handler to reply with client auth status.

net/tools/testserver/testserver.py

Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index ba1fd662abf95c98bfa10f838068484b87a1d858..fa40e68f9b1917d34a32fa48d303595bdd8a326d 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -336,6 +336,7 @@ class TestPageHandler(testserver_base.BasePageHandler):
       self.GetSSLSessionCacheHandler,
       self.SSLManySmallRecords,
       self.GetChannelID,
+      self.GetClientCert,
       self.ClientCipherListHandler,
       self.CloseSocketHandler,
       self.RangeResetHandler,
@@ -1512,6 +1513,23 @@ class TestPageHandler(testserver_base.BasePageHandler):
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True
 
+  def GetClientCert(self):
+    """Send a reply whether a client certificate was provided."""
+
+    if not self._ShouldHandleRequest('/client-cert'):
+      return False
+
+    self.send_response(200)
+    self.send_header('Content-Type', 'text/plain')
+    self.end_headers()
+
+    cert_present = self.server.tlsConnection.session.clientCertChain != None
+    if cert_present:
+      self.wfile.write('got a client cert')
+    else:
+      self.wfile.write('got no client cert')

[Ryan Sleevi, 2015/08/06 23:48:52]

nit: Would it make more sense to write the SHA-256 hash of the certificate
chain, as received? That way you can make sure you're getting the _right_ client
cert, consistently :)

[pneubeck (no reviews), 2015/08/07 11:47:42]

Done.

+    return True
+
   def ClientCipherListHandler(self):
     """Send a reply containing the cipher suite list that the client
     provided. Each cipher suite value is serialized in decimal, followed by a