Add X509CertificateBytes which uses CRYPTO_BUFFER instead of macOS-native certificate types.

chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm

Index: chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
diff --git a/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm b/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
index 51357220ff2cd237f169315502f99701ff2bd8fa..680d24e203b57bec8a34027959c1284ea3812e7b 100644
--- a/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
+++ b/chrome/browser/ui/cocoa/ssl_client_certificate_selector_cocoa.mm
@@ -208,8 +208,11 @@ void ClearTableViewDataSourcesIfNeeded(NSWindow*) {}
   identities_.reset(CFArrayCreateMutable(
       kCFAllocatorDefault, numCerts, &kCFTypeArrayCallBacks));
   for (size_t i = 0; i < numCerts; ++i) {
-    SecCertificateRef cert =
-        observer_->cert_request_info()->client_certs[i]->os_cert_handle();
+    base::ScopedCFTypeRef<SecCertificateRef> cert(
+        net::x509_util::CreateSecCertificateFromX509Certificate(

[Nico, 2017/04/07 13:08:17]

That's a very long function name. Two "x509", one "util", two "Certificate".

[mattm, 2017/04/07 22:18:51]

Yeah, I guess that is. On the plus side it's pretty unambiguous.
(X509Certificate is a class name, so the X509 does have reason to be repeated).
I guess it could just be named CreateSecCertificate and overload on the argument
type, though the style guide seems to advocate for this style rather than
overloading.

+            observer_->cert_request_info()->client_certs[i].get()));
+    if (!cert)
+      continue;
     SecIdentityRef identity;
     if (SecIdentityCreateWithCertificate(NULL, cert, &identity) == noErr) {
       CFArrayAppendValue(identities_, identity);