SSL in EmbeddedTestServer

net/socket/ssl_server_socket_nss.cc

Index: net/socket/ssl_server_socket_nss.cc
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 614265e45eecce1653acbf03ce79b90f80e50954..4984ece9d770ce8b28cf04a3dbad640a838a5449 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -82,7 +82,7 @@ scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
     scoped_ptr<StreamSocket> socket,
     X509Certificate* cert,
     crypto::RSAPrivateKey* key,
-    const SSLConfig& ssl_config) {
+    const SSLServerConfig& ssl_config) {
   DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
                                     << " called yet!";
 
@@ -94,7 +94,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
     scoped_ptr<StreamSocket> transport_socket,
     scoped_refptr<X509Certificate> cert,
     crypto::RSAPrivateKey* key,
-    const SSLConfig& ssl_config)
+    const SSLServerConfig& ssl_config)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       user_read_buf_len_(0),
@@ -332,6 +332,15 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
 
   int rv;
 
+  if (ssl_config_.require_client_cert) {
+    rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
+    if (rv != SECSuccess) {
+      LogFailedNSSFunction(net_log_, "SSL_OptionSet",
+                           "SSL_REQUEST_CERTIFICATE");
+      return ERR_UNEXPECTED;
+    }
+  }
+
   rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");