Support for client certs in ssl_server_socket.

net/socket/ssl_server_socket_nss.cc

Index: net/socket/ssl_server_socket_nss.cc
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 3ed4da199510e66d781dff74cc10e36b375fb92c..1a8633013ea49aa490146a6513f6b6f063b788bb 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -37,6 +37,7 @@
 #include "crypto/rsa_private_key.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
+#include "net/cert/cert_verifier.h"
 #include "net/log/net_log.h"
 #include "net/socket/nss_ssl_util.h"
 
@@ -81,21 +82,30 @@ void EnableSSLServerSockets() {
 
 scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
     scoped_ptr<StreamSocket> socket,
-    X509Certificate* cert,
+    X509Certificate* certificate,
     crypto::RSAPrivateKey* key,
-    const SSLServerConfig& ssl_config) {
+    const SSLServerConfig& ssl_server_config) {
   DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
                                     << " called yet!";
 
-  return scoped_ptr<SSLServerSocket>(
-      new SSLServerSocketNSS(socket.Pass(), cert, key, ssl_config));
+  return scoped_ptr<SSLServerSocket>(new SSLServerSocketNSS(
+      socket.Pass(), certificate, key, ssl_server_config));
+}
+
+scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
+    scoped_ptr<StreamSocket> socket,
+    X509Certificate* certificate,
+    crypto::RSAPrivateKey* key,
+    const SSLServerConfig& ssl_server_config,
+    const SSLServerSocketContext context) {
+  return CreateSSLServerSocket(socket, certificate, key, ssl_server_config);
 }
 
 SSLServerSocketNSS::SSLServerSocketNSS(
     scoped_ptr<StreamSocket> transport_socket,
     scoped_refptr<X509Certificate> cert,
     crypto::RSAPrivateKey* key,
-    const SSLServerConfig& ssl_config)
+    const SSLServerConfig& ssl_server_config)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       user_read_buf_len_(0),
@@ -103,7 +113,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
       nss_fd_(NULL),
       nss_bufs_(NULL),
       transport_socket_(transport_socket.Pass()),
-      ssl_config_(ssl_config),
+      ssl_server_config_(ssl_server_config),
       cert_(cert),
       next_handshake_state_(STATE_NONE),
       completed_handshake_(false) {
@@ -338,7 +348,7 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
 
   int rv;
 
-  if (ssl_config_.require_client_cert) {
+  if (ssl_server_config_.require_client_cert) {
     rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
     if (rv != SECSuccess) {
       LogFailedNSSFunction(net_log_, "SSL_OptionSet",
@@ -360,15 +370,15 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
   }
 
   SSLVersionRange version_range;
-  version_range.min = ssl_config_.version_min;
-  version_range.max = ssl_config_.version_max;
+  version_range.min = ssl_server_config_.version_min;
+  version_range.max = ssl_server_config_.version_max;
   rv = SSL_VersionRangeSet(nss_fd_, &version_range);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", "");
     return ERR_NO_SSL_VERSIONS_ENABLED;
   }
 
-  if (ssl_config_.require_ecdhe) {
+  if (ssl_server_config_.require_ecdhe) {
     const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
     const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
 
@@ -385,8 +395,8 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
   }
 
   for (std::vector<uint16>::const_iterator it =
-           ssl_config_.disabled_cipher_suites.begin();
-       it != ssl_config_.disabled_cipher_suites.end(); ++it) {
+           ssl_server_config_.disabled_cipher_suites.begin();
+       it != ssl_server_config_.disabled_cipher_suites.end(); ++it) {
     // This will fail if the specified cipher is not implemented by NSS, but
     // the failure is harmless.
     SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);