Fix link error when compiling with OpenSSL while using OS certs.

net/socket/ssl_client_socket_openssl_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <openssl/bio.h>
@@ skipping 31 matching lines @@
 #include "net/ssl/ssl_config_service.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 
 namespace net {
 
 namespace {
 
+// These client auth tests are currently dependent on OpenSSL's struct X509.
+#if defined(USE_OPENSSL_CERTS)
 typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
 
 // BIO_free is a macro, it can't be used as a template parameter.
 void BIO_free_func(BIO* bio) {
     BIO_free(bio);
 }
 
 typedef crypto::ScopedOpenSSL<BIO, BIO_free_func> ScopedBIO;
 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA;
 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM;
 
 const SSLConfig kDefaultSSLConfig;
 
 // A ServerBoundCertStore that always returns an error when asked for a
 // certificate.
 class FailingServerBoundCertStore : public ServerBoundCertStore {

[wtc, 2014/04/10 14:59:05]

This class is used by the two ChannelID tests. We should be able to use it when
USE_OPENSSL_CERTS is not defined. I think it requires spltting
SSLClientSocketOpenSSLClientAuthTest into two classes:

- SSLClientSocketOpenSSLClientAuthTest, without the ChannelID stuff.
- A new SSLClientSocketOpenSSLChannelIDTest, for the ChannelID stuff.

[haavardm, 2014/04/10 15:16:12]

Why are the channel id tests in the openssl layer? couldn't they be moved to
ssl_client_socket_unittest.cc?

On 2014/04/10 14:59:05, wtc wrote:

[wtc, 2014/04/10 15:29:00]

Channel ID was originally called origin-bound certificates and used the SSL/TLS
client authentication mechanism. I suspect that's why the Channel ID tests are
in this file.
I think you are right. I took a quick look at the Channel ID code in this file,
and didn't see anything OpenSSL-specific. Moving these tests to
ssl_client_socket_unittest.cc is a good idea!

   virtual int GetServerBoundCert(const std::string& server_identifier,
                                  base::Time* expiration_time,
                                  std::string* private_key_result,
                                  std::string* cert_result,
                                  const GetCertCallback& callback) OVERRIDE {
     return ERR_UNEXPECTED;
   }
   virtual void SetServerBoundCert(const std::string& server_identifier,
                                   base::Time creation_time,
                                   base::Time expiration_time,
@@ skipping 238 matching lines @@
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(sock_->IsConnected());
 
   EXPECT_TRUE(CheckSSLClientSocketSentCert());
 
   sock_->Disconnect();
   EXPECT_FALSE(sock_->IsConnected());
 }
 
 // Connect to a server using channel id. It should allow the connection.
 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendChannelID) {

[wtc, 2014/04/10 14:59:05]

Is it necessary to disable the two ChannelID tests? They are no longer
implemented as client certificates.

   SpawnedTestServer::SSLOptions ssl_options;
 
   ASSERT_TRUE(ConnectToTestServer(ssl_options));
 
   EnabledChannelID();
   SSLConfig ssl_config = kDefaultSSLConfig;
   ssl_config.channel_id_enabled = true;
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
@@ skipping 16 matching lines @@
   EnabledFailingChannelID();
   SSLConfig ssl_config = kDefaultSSLConfig;
   ssl_config.channel_id_enabled = true;
 
   int rv;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
   EXPECT_EQ(ERR_UNEXPECTED, rv);
   EXPECT_FALSE(sock_->IsConnected());
 }
+#endif  // defined(USE_OPENSSL_CERTS)
 
 }  // namespace
 }  // namespace net