Add unique serial numbers to sample X509 certificates. Remove the "sendClientCertificate" parameter…

sdk/lib/io/secure_socket.dart

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 /**
  * A high-level class for communicating securely over a TCP socket, using
  * TLS and SSL. The [SecureSocket] exposes both a [Stream] and an
  * [IOSink] interface, making it ideal for using together with
  * other [Stream]s.
  */
 abstract class SecureSocket implements Socket {
   external factory SecureSocket._(RawSecureSocket rawSocket);
 
   /**
    * Constructs a new secure client socket and connect it to the given
    * [host] on port [port]. The returned Future will complete with a
    * [SecureSocket] that is connected and ready for subscription.
    *
+   * The certificate provided by the server is checked
+   * using the trusted certificates set in the SecurityContext object.
+   * The default SecurityContext object contains a built-in set of trusted
+   * root certificates for well-known certificate authorities.
+   *
    * [onBadCertificate] is an optional handler for unverifiable certificates.
    * The handler receives the [X509Certificate], and can inspect it and
    * decide (or let the user decide) whether to accept
    * the connection or not.  The handler should return true
    * to continue the [SecureSocket] connection.
    */
   static Future<SecureSocket> connect(
       host,
       int port,
       {SecurityContext context,
        bool onBadCertificate(X509Certificate certificate),
-       bool sendClientCertificate,
        List<String> supportedProtocols}) {
     return RawSecureSocket.connect(host,
                                    port,
                                    context: context,
                                    onBadCertificate: onBadCertificate,
                                    supportedProtocols: supportedProtocols)
         .then((rawSocket) => new SecureSocket._(rawSocket));
   }
 
   /**
@@ skipping 116 matching lines @@
 }
 
 
 /**
  * RawSecureSocket provides a secure (SSL or TLS) network connection.
  * Client connections to a server are provided by calling
  * RawSecureSocket.connect.  A secure server, created with
  * RawSecureServerSocket, also returns RawSecureSocket objects representing
  * the server end of a secure connection.
  * The certificate provided by the server is checked
- * using the trusted certificates set in the SecurityContext object and/or
- * the default built-in root certificates.
+ * using the trusted certificates set in the SecurityContext object.
+ * The default SecurityContext object contains a built-in set of trusted
+ * root certificates for well-known certificate authorities.
  */
 abstract class RawSecureSocket implements RawSocket {
   /**
    * Constructs a new secure client socket and connect it to the given
    * host on the given port. The returned Future is completed with the
    * RawSecureSocket when it is connected and ready for subscription.
    *
    * The certificate provided by the server is checked
-   * using the trusted certificates set in the SecurityContext object and/or
-   * the default built-in
-   * root certificates. If [sendClientCertificate] is
-   * set to true, the socket will send a client certificate if one is
-   * requested by the server. If [certificateName] is the nickname of
-   * a certificate in the certificate database, that certificate will be sent.
-   * If [certificateName] is null, which is the usual use case, an
-   * appropriate certificate will be searched for in the database and
-   * sent automatically, based on what the server says it will accept.
+   * using the trusted certificates set in the SecurityContext object
+   * If a certificate and key are set on the client, using useCertificateChain
+   * and usePrivateKey, and the server asks for a client certificate,
+   * then that client certificate is sent to the server.
    *
    * [onBadCertificate] is an optional handler for unverifiable certificates.
    * The handler receives the [X509Certificate], and can inspect it and
    * decide (or let the user decide) whether to accept
    * the connection or not.  The handler should return true
    * to continue the [RawSecureSocket] connection.
    */
   static Future<RawSecureSocket> connect(
       host,
       int port,
@@ skipping 220 matching lines @@
   static Future<_RawSecureSocket> connect(
       host,
       int requestedPort,
       {bool is_server,
        SecurityContext context,
        RawSocket socket,
        StreamSubscription subscription,
        List<int> bufferedData,
        bool requestClientCertificate: false,
        bool requireClientCertificate: false,
-       bool sendClientCertificate: false,
        bool onBadCertificate(X509Certificate certificate),
        List<String> supportedProtocols}) {
     _verifyFields(host, requestedPort, is_server,
                  requestClientCertificate, requireClientCertificate,
                  onBadCertificate);
     if (host is InternetAddress) host = host.host;
     var address = socket.address;
     if (host != null) address =  address._cloneWithNewHost(host);
     return new _RawSecureSocket(address,
                                 requestedPort,
@@ skipping 67 matching lines @@
     }
     try {
       var encodedProtocols =
           SecurityContext._protocolsToLengthEncoding(supportedProtocols);
       _secureFilter.connect(address.host,
                             context,
                             is_server,
                             requestClientCertificate ||
                                 requireClientCertificate,
                             requireClientCertificate,
-                            // TODO(whesse): Remove sendClientCertificate
-                            // argument, or add it to API.
-                            false, // sendClientCertificate,
                             encodedProtocols);
       _secureHandshake();
     } catch (e, s) {
       _reportError(e, s);
     }
   }
 
   StreamSubscription listen(void onData(RawSocketEvent data),
                             {Function onError,
                              void onDone(),
@@ skipping 632 matching lines @@
 
 
 abstract class _SecureFilter {
   external factory _SecureFilter();
 
   void connect(String hostName,
                SecurityContext context,
                bool is_server,
                bool requestClientCertificate,
                bool requireClientCertificate,
-               bool sendClientCertificate,
                Uint8List protocols);
   void destroy();
   void handshake();
   String selectedProtocol();
   void rehandshake();
   void renegotiate(bool useSessionCache,
                    bool requestClientCertificate,
                    bool requireClientCertificate);
   void init();
   X509Certificate get peerCertificate;
@@ skipping 49 matching lines @@
 /**
  * An exception that happens in the handshake phase of establishing
  * a secure network connection, when looking up or verifying a
  * certificate.
  */
 class CertificateException extends TlsException {
   const CertificateException([String message = "",
                             OSError osError = null])
      : super._("CertificateException", message, osError);
 }