Make OpenSSL UpdateServerCert() OS independent.

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 410062dc5a9b9798214233b7a5ecf2b79dd54359..f6b2c0a7bc2647d015cc051959c4ef42566ed76f 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -23,6 +23,7 @@ class SSLCertRequestInfo;
 struct SSLConfig;
 class SSLInfo;
 class TransportSecurityState;
+class X509Certificate;
 
 // This struct groups together several fields which are used by various
 // classes related to SSLClientSocket.
@@ -154,6 +155,14 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
       const SSLConfig& ssl_config,
       ServerBoundCertService* server_bound_cert_service);
 
+ protected:

[Ryan Sleevi, 2014/03/12 23:12:03]

Do not repeat 'protected' here (it's already set on line 136)

[haavardm, 2014/03/13 10:32:02]

Done.

+  // For unit testing only.
+  // Returns the unverified certificate chain as presented by server.
+  // Note that chain may be different than the verified chain returned by
+  // StreamSocket::GetSSLInfo().
+  virtual const X509Certificate* GetUnverifiedServerCertificateChain()
+      const = 0;
+
  private:
   // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
@@ -162,6 +171,8 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
                            ConnectSignedCertTimestampsEnabledOCSP);
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
                            ConnectSignedCertTimestampsDisabled);
+  FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
+                           VerifyServerChainProperlyOrdered);
 
   // True if NPN was responded to, independent of selecting SPDY or HTTP.
   bool was_npn_negotiated_;