Set Token-Binding HTTP header

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 3a6aa94258f30a72efe54ec5a3ee3183e4022a6d..9f6551ab8c3ae4e6c3cd433e44f9f5d215f5802a 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -22,6 +22,10 @@ class FilePath;
 class SequencedTaskRunner;
 }
 
+namespace crypto {
+class ECPrivateKey;
+}
+
 namespace net {
 
 class CTPolicyEnforcer;
@@ -144,6 +148,11 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
   // channel ids are not supported.
   virtual ChannelIDService* GetChannelIDService() const = 0;
 
+  // Signs the EKM value for Token Binding with |*key| and puts it in |*out|.
+  // Returns a net error code.
+  virtual Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key,
+                                            std::vector<uint8_t>* out) = 0;
+
   // Returns the state of the handshake when it failed, or |SSL_FAILURE_NONE| if
   // the handshake succeeded. This is used to classify causes of the TLS version
   // fallback.