Populate cert_key_types on OpenSSL.

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/callback_helpers.h"
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "net/base/address_list.h"
@@ skipping 603 matching lines @@
         transport.Pass(), test_server.host_port_pair(), kDefaultSSLConfig));
     EXPECT_FALSE(sock->IsConnected());
 
     rv = sock->Connect(callback.callback());
     if (rv == ERR_IO_PENDING)
       rv = callback.WaitForResult();
     scoped_refptr<SSLCertRequestInfo> request_info = new SSLCertRequestInfo();
     sock->GetSSLCertRequestInfo(request_info.get());
     sock->Disconnect();
     EXPECT_FALSE(sock->IsConnected());
+    EXPECT_TRUE(
+        test_server.host_port_pair().Equals(request_info->host_and_port));
 
     return request_info;
   }
 };
 
 class SSLClientSocketFalseStartTest : public SSLClientSocketTest {
  protected:
   void TestFalseStart(const SpawnedTestServer::SSLOptions& server_options,
                       const SSLConfig& client_config,
                       bool expect_false_start) {
@@ skipping 1476 matching lines @@
   scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
   ASSERT_TRUE(request_info.get());
   ASSERT_EQ(2u, request_info->cert_authorities.size());
   EXPECT_EQ(std::string(reinterpret_cast<const char*>(kThawteDN), kThawteLen),
             request_info->cert_authorities[0]);
   EXPECT_EQ(
       std::string(reinterpret_cast<const char*>(kDiginotarDN), kDiginotarLen),
       request_info->cert_authorities[1]);
 }
 
+// client_key_types is only populated on OpenSSL and currently only when

[wtc, 2014/04/25 18:52:40]

1. Typo: client_key_types => cert_key_types

2. We can fix this in SSLClientSocketNSS by calling
SSL_GetRequestedClientCertificateTypes, but I won't insist on it.

[davidben, 2014/04/25 20:52:31]

Done.
Oh hey. Did we just add it and never hook it up? Maybe let's do that in a
follow-up since the code later in the path doesn't consume the value either.
Strangely, Android's client auth code does consume the value even though it's
never populated.

[wtc, 2014/04/26 12:36:04]

SSL_GetRequestedClientCertificateTypes was used before, when origin-bound
certificates were used as SSL client certificates during the handshake.
Yes, that is certainly fine.

+// USE_OPENSSL_CERTS is defined.
+#if defined(USE_OPENSSL) && defined(USE_OPENSSL_CERTS)
+TEST_F(SSLClientSocketCertRequestInfoTest, ClientKeyTypes) {

[wtc, 2014/04/25 18:52:40]

Nit: ClientKeyTypes => CertKeyTypes or ClientCertKeyTypes

[davidben, 2014/04/25 20:52:31]

Done.

+  SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.request_client_certificate = true;
+  ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
+  ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
+  scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
+  ASSERT_TRUE(request_info.get());
+  ASSERT_EQ(2u, request_info->cert_key_types.size());
+  EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]);
+  EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]);
+}
+#endif
+
 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.signed_cert_timestamps_tls_ext = "test";
 
   SpawnedTestServer test_server(SpawnedTestServer::TYPE_HTTPS,
                                 ssl_options,
                                 base::FilePath());
   ASSERT_TRUE(test_server.Start());
 
   AddressList addr;
@@ skipping 227 matching lines @@
   SpawnedTestServer::SSLOptions server_options;
   server_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA;
   server_options.enable_npn = true;
   SSLConfig client_config;
   client_config.next_protos.push_back("http/1.1");
   TestFalseStart(server_options, client_config, false);
 }
 
 }  // namespace net