Index: net/socket/ssl_client_socket_openssl.cc |
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc |
index d6345f71501d2acc3e20384943045d90ebdfa846..6b14bf27510007175978e5d3902e66acfcb1ae37 100644 |
--- a/net/socket/ssl_client_socket_openssl.cc |
+++ b/net/socket/ssl_client_socket_openssl.cc |
@@ -512,6 +512,7 @@ void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( |
SSLCertRequestInfo* cert_request_info) { |
cert_request_info->host_and_port = host_and_port_; |
cert_request_info->cert_authorities = cert_authorities_; |
+ cert_request_info->cert_key_types = cert_key_types_; |
} |
SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( |
@@ -616,6 +617,7 @@ void SSLClientSocketOpenSSL::Disconnect() { |
completed_handshake_ = false; |
cert_authorities_.clear(); |
+ cert_key_types_.clear(); |
client_auth_cert_needed_ = false; |
} |
@@ -1410,7 +1412,6 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
DCHECK(ssl == ssl_); |
DCHECK(*x509 == NULL); |
DCHECK(*pkey == NULL); |
-#if defined(USE_OPENSSL_CERTS) |
if (!ssl_config_.send_client_cert) { |
// First pass: we know that a client certificate is needed, but we do not |
// have one at hand. |
@@ -1426,11 +1427,21 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
OPENSSL_free(str); |
} |
+ const unsigned char* client_cert_types; |
+ size_t num_client_cert_types; |
+ SSL_get_client_certificate_types(ssl, &client_cert_types, |
+ &num_client_cert_types); |
+ for (size_t i = 0; i < num_client_cert_types; i++) { |
+ cert_key_types_.push_back( |
+ static_cast<SSLClientCertType>(client_cert_types[i])); |
+ } |
+ |
return -1; // Suspends handshake. |
} |
// Second pass: a client certificate should have been selected. |
if (ssl_config_.client_cert.get()) { |
+#if defined(USE_OPENSSL_CERTS) |
// A note about ownership: FetchClientCertPrivateKey() increments |
// the reference count of the EVP_PKEY. Ownership of this reference |
// is passed directly to OpenSSL, which will release the reference |
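Review bot: The added loop stores each byte of the server's CertificateRequest with `static_cast<SSLClientCertType>(client_cert_types[i])` and no range check, so `cert_key_types_` can hold values that are not named enumerators (the enum definition is not visible here). A comment such as `// Values come straight from the peer; consumers must treat unknown types as unsupported.` would record that contract for whoever reads `cert_request_info->cert_key_types`. The vector is only appended to, so if the first pass can run again before `Disconnect()` (for example on renegotiation; not confirmable from this hunk), entries would accumulate. Adding `cert_key_types_.clear();` ahead of the loop would prevent that. The two locals are also read without initialisers; `const unsigned char* client_cert_types = NULL;` and `size_t num_client_cert_types = 0;` keep the loop safe if the call ever leaves them unset. ClientCertRequestCallback begins and ends outside this hunk.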
@@ -1446,11 +1457,11 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
return 1; |
} |
LOG(WARNING) << "Client cert found without private key"; |
- } |
#else // !defined(USE_OPENSSL_CERTS) |
- // OS handling of client certificates is not yet implemented. |
- NOTIMPLEMENTED(); |
+ // OS handling of client certificates is not yet implemented. |
+ NOTIMPLEMENTED(); |
#endif // defined(USE_OPENSSL_CERTS) |
+ } |
// Send no client certificate. |
return 0; |
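Review bot: On builds without USE_OPENSSL_CERTS, a second pass with `ssl_config_.client_cert` set now reaches `NOTIMPLEMENTED()` and then falls through to `return 0`, so the handshake continues with no client certificate even though one was selected. Because the earlier hunk drops the `#if` around the first pass, that pass appears to suspend the handshake on those builds as well, which makes this path reachable. A log line in the `#else` branch, for example `LOG(WARNING) << "Client cert selected but cannot be sent on this build";`, would make the silent fallback diagnosable. The comment above `return 0` could also note that this case is covered. The start of the function is outside this hunk.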