Improve error pages on client certificate failures.

net/socket/ssl_client_socket_impl.h

Index: net/socket/ssl_client_socket_impl.h
diff --git a/net/socket/ssl_client_socket_impl.h b/net/socket/ssl_client_socket_impl.h
index 3f3308c1e26f3aa51618dd748f7a76cd3eb18498..8c2482adff2094f5ffe84556a7b95102a1a5e7e2 100644
--- a/net/socket/ssl_client_socket_impl.h
+++ b/net/socket/ssl_client_socket_impl.h
@@ -37,6 +37,10 @@ class FilePath;
 class SequencedTaskRunner;
 }
 
+namespace crypto {
+class OpenSSLErrStackTracer;
+}
+
 namespace net {
 
 class CertVerifier;
@@ -248,6 +252,12 @@ class SSLClientSocketImpl : public SSLClientSocket {
   // Returns whether TLS channel ID is enabled.
   bool IsChannelIDEnabled() const;
 
+  // Returns the net error corresponding to the most recent OpenSSL
+  // error. ssl_error is the output of SSL_get_error.
+  int MapLastOpenSSLError(int ssl_error,
+                          const crypto::OpenSSLErrStackTracer& tracer,
+                          OpenSSLErrorInfo* info);
+
   bool transport_send_busy_;
   bool transport_recv_busy_;
 
@@ -360,6 +370,8 @@ class SSLClientSocketImpl : public SSLClientSocket {
   ScopedSSL_SESSION pending_session_;
   // True if the initial handshake's certificate has been verified.
   bool certificate_verified_;
+  // Set to true if a CertificateRequest was received.
+  bool certificate_requested_;
   // The request handle for |channel_id_service_|.
   ChannelIDService::Request channel_id_request_;