Populate cert_key_types on OpenSSL.

net/socket/ssl_client_socket_unittest.cc

Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 05844cd0ef327d6c01ccbc847826cd1e3e0a7b76..7a9e1a8a1abb5c8392b4c847787265cc7a664324 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -621,6 +621,8 @@ class SSLClientSocketCertRequestInfoTest : public SSLClientSocketTest {
     sock->GetSSLCertRequestInfo(request_info.get());
     sock->Disconnect();
     EXPECT_FALSE(sock->IsConnected());
+    EXPECT_TRUE(
+        test_server.host_port_pair().Equals(request_info->host_and_port));
 
     return request_info;
   }
@@ -2117,6 +2119,22 @@ TEST_F(SSLClientSocketCertRequestInfoTest, TwoAuthorities) {
       request_info->cert_authorities[1]);
 }
 
+// client_key_types is only populated on OpenSSL and currently only when

[wtc, 2014/04/25 18:52:40]

1. Typo: client_key_types => cert_key_types

2. We can fix this in SSLClientSocketNSS by calling
SSL_GetRequestedClientCertificateTypes, but I won't insist on it.

[davidben, 2014/04/25 20:52:31]

Done.
Oh hey. Did we just add it and never hook it up? Maybe let's do that in a
follow-up since the code later in the path doesn't consume the value either.
Strangely, Android's client auth code does consume the value even though it's
never populated.

[wtc, 2014/04/26 12:36:04]

SSL_GetRequestedClientCertificateTypes was used before, when origin-bound
certificates were used as SSL client certificates during the handshake.
Yes, that is certainly fine.

+// USE_OPENSSL_CERTS is defined.
+#if defined(USE_OPENSSL) && defined(USE_OPENSSL_CERTS)
+TEST_F(SSLClientSocketCertRequestInfoTest, ClientKeyTypes) {

[wtc, 2014/04/25 18:52:40]

Nit: ClientKeyTypes => CertKeyTypes or ClientCertKeyTypes

[davidben, 2014/04/25 20:52:31]

Done.

+  SpawnedTestServer::SSLOptions ssl_options;
+  ssl_options.request_client_certificate = true;
+  ssl_options.client_cert_types.push_back(CLIENT_CERT_RSA_SIGN);
+  ssl_options.client_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
+  scoped_refptr<SSLCertRequestInfo> request_info = GetCertRequest(ssl_options);
+  ASSERT_TRUE(request_info.get());
+  ASSERT_EQ(2u, request_info->cert_key_types.size());
+  EXPECT_EQ(CLIENT_CERT_RSA_SIGN, request_info->cert_key_types[0]);
+  EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, request_info->cert_key_types[1]);
+}
+#endif
+
 TEST_F(SSLClientSocketTest, ConnectSignedCertTimestampsEnabledTLSExtension) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.signed_cert_timestamps_tls_ext = "test";