Set Token-Binding HTTP header

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index ad458b2665e97aab42136390e39fac6ed1ac33b0..4492108b0c129764ec0e290b7e179a571d233ffa 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -8,6 +8,7 @@
 #include <string>
 
 #include "base/gtest_prod_util.h"
+#include "crypto/ec_private_key.h"
 #include "net/base/completion_callback.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
@@ -130,6 +131,11 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
   // channel ids are not supported.
   virtual ChannelIDService* GetChannelIDService() const = 0;
 
+  // Signs the EKM value for Token binding with |*key| and puts it in |*out|.
+  // Returns a net error code of ERR_FAILED or OK.
+  virtual int GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key,
+                                          std::vector<uint8_t>* out) = 0;
+
   // Returns the state of the handshake when it failed, or |SSL_FAILURE_NONE| if
   // the handshake succeeded. This is used to classify causes of the TLS version
   // fallback.