Support for client certs in ssl_server_socket.

net/ssl/ssl_server_config.h

Index: net/ssl/ssl_server_config.h
diff --git a/net/ssl/ssl_server_config.h b/net/ssl/ssl_server_config.h
index 36d1286b22552ea7da16561f099740bac091cfc1..51eff5597d452e5b15a8ae1fce23837b34eb511e 100644
--- a/net/ssl/ssl_server_config.h
+++ b/net/ssl/ssl_server_config.h
@@ -14,6 +14,8 @@
 
 namespace net {
 
+class ClientCertVerifier;
+
 // A collection of server-side SSL-related configuration settings.
 struct NET_EXPORT SSLServerConfig {
   // Defaults
@@ -56,6 +58,19 @@ struct NET_EXPORT SSLServerConfig {
   // Requires a client certificate for client authentication from the client.
   // This doesn't currently enforce certificate validity.
   bool require_client_cert;
+
+  // List of DER-encoded X.509 DistinguishedName of certificate authorities
+  // to be included in the CertificateRequest handshake message,
+  // if client certificates are required.
+  std::vector<std::string> cert_authorities_;
+
+  // Provides the CertificateVerifier that is to be used to verify
+  // client certificates during the handshake.
+  // The |client_cert_verifier| continues to be owned by the caller,
+  // and must outlive any sockets using this SSLServerConfig.
+  // This field is meaningful only if client certificates are required.
+  // If a verifier is not provided then all certificates are accepted.
+  ClientCertVerifier* client_cert_verifier;
 };
 
 }  // namespace net