Populate cert_key_types on OpenSSL.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/err.h>
@@ skipping 494 matching lines @@
       net_log_(transport_->socket()->NetLog()) {}
 
 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
   Disconnect();
 }
 
 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_;
   cert_request_info->cert_authorities = cert_authorities_;
+  cert_request_info->cert_key_types = cert_key_types_;
 }
 
 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
     std::string* proto, std::string* server_protos) {
   *proto = npn_proto_;
   *server_protos = server_protos_;
   return npn_status_;
 }
 
 ServerBoundCertService*
@@ skipping 84 matching lines @@
   user_write_buf_        = NULL;
   user_write_buf_len_    = 0;
 
   pending_read_error_ = kNoPendingReadResult;
   transport_write_error_ = OK;
 
   server_cert_verify_result_.Reset();
   completed_handshake_ = false;
 
   cert_authorities_.clear();
+  cert_key_types_.clear();
   client_auth_cert_needed_ = false;
 }
 
 bool SSLClientSocketOpenSSL::IsConnected() const {
   // If the handshake has not yet completed.
   if (!completed_handshake_)
     return false;
   // If an asynchronous operation is still pending.
   if (user_read_buf_.get() || user_write_buf_.get())
     return true;
@@ skipping 774 matching lines @@
   return result;
 }
 
 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
                                                       X509** x509,
                                                       EVP_PKEY** pkey) {
   DVLOG(3) << "OpenSSL ClientCertRequestCallback called";
   DCHECK(ssl == ssl_);
   DCHECK(*x509 == NULL);
   DCHECK(*pkey == NULL);
-#if defined(USE_OPENSSL_CERTS)
   if (!ssl_config_.send_client_cert) {
     // First pass: we know that a client certificate is needed, but we do not
     // have one at hand.
     client_auth_cert_needed_ = true;
     STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
     for (int i = 0; i < sk_X509_NAME_num(authorities); i++) {
       X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
       unsigned char* str = NULL;
       int length = i2d_X509_NAME(ca_name, &str);
       cert_authorities_.push_back(std::string(
           reinterpret_cast<const char*>(str),
           static_cast<size_t>(length)));
       OPENSSL_free(str);
     }
 
+    const unsigned char* client_cert_types;
+    size_t num_client_cert_types;
+    SSL_get_client_certificate_types(ssl, &client_cert_types,
+                                     &num_client_cert_types);
+    for (size_t i = 0; i < num_client_cert_types; i++) {
+      cert_key_types_.push_back(
+          static_cast<SSLClientCertType>(client_cert_types[i]));
+    }
+
     return -1;  // Suspends handshake.
   }
 
   // Second pass: a client certificate should have been selected.
   if (ssl_config_.client_cert.get()) {
+#if defined(USE_OPENSSL_CERTS)
     // A note about ownership: FetchClientCertPrivateKey() increments
     // the reference count of the EVP_PKEY. Ownership of this reference
     // is passed directly to OpenSSL, which will release the reference
     // using EVP_PKEY_free() when the SSL object is destroyed.
     OpenSSLClientKeyStore::ScopedEVP_PKEY privkey;
     if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey(
             ssl_config_.client_cert.get(), &privkey)) {
       // TODO(joth): (copied from NSS) We should wait for server certificate
       // verification before sending our credentials. See http://crbug.com/13934
       *x509 = X509Certificate::DupOSCertHandle(
           ssl_config_.client_cert->os_cert_handle());
       *pkey = privkey.release();
       return 1;
     }
     LOG(WARNING) << "Client cert found without private key";
+#else  // !defined(USE_OPENSSL_CERTS)
+    // OS handling of client certificates is not yet implemented.
+    NOTIMPLEMENTED();
+#endif  // defined(USE_OPENSSL_CERTS)
   }
-#else  // !defined(USE_OPENSSL_CERTS)
-  // OS handling of client certificates is not yet implemented.
-  NOTIMPLEMENTED();
-#endif  // defined(USE_OPENSSL_CERTS)
 
   // Send no client certificate.
   return 0;
 }
 
 void SSLClientSocketOpenSSL::ChannelIDRequestCallback(SSL* ssl,
                                                       EVP_PKEY** pkey) {
   DVLOG(3) << "OpenSSL ChannelIDRequestCallback called";
   DCHECK_EQ(ssl, ssl_);
   DCHECK(!*pkey);
@@ skipping 101 matching lines @@
   DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
   return SSL_TLSEXT_ERR_OK;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net