Implement TLS client auth in the OS X OpenSSL port.

net/ssl/openssl_client_key_store.cc

Index: net/ssl/openssl_client_key_store.cc
diff --git a/net/ssl/openssl_client_key_store.cc b/net/ssl/openssl_client_key_store.cc
index d7a32e8f2fa47b1ebcdd1db123afdf8b3c6c1435..ef38da6e12770ebc186d8488073b212923906d9e 100644
--- a/net/ssl/openssl_client_key_store.cc
+++ b/net/ssl/openssl_client_key_store.cc
@@ -107,22 +107,20 @@ bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
   return true;
 }
 
-bool OpenSSLClientKeyStore::FetchClientCertPrivateKey(
-    const X509Certificate* client_cert,
-    crypto::ScopedEVP_PKEY* private_key) {
+crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
+    const X509Certificate* client_cert) {
   if (!client_cert)
-    return false;
+    return crypto::ScopedEVP_PKEY();

[Ryan Sleevi, 2014/07/24 19:13:02]

Random comment: This code prevents NRVO, because it's not using a named
variable.

See http://msdn.microsoft.com/en-us/library/ms364057(v=vs.80).aspx for a bit of
the documentation and limits (in an MSVC context, but also applies largely to
Clang and GCC)

However, because of our move emulation, using a named ScopedEVP_PKEY would
require us to use .Pass() at each return point, which would also violate NRVO.

Turns out, there's no "guaranteed" way to ensure NRVO with a scoped-ptr return
value. Didn't realize it until this code though.

[davidben, 2014/07/24 21:02:25]

(Tangentially, I wish we could spell those lines return NULL or return nullptr.
I suppose C++11 will fix that one.)

 
   crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
   if (!pub_key.get())
-    return false;
+    return crypto::ScopedEVP_PKEY();
 
   int index = FindKeyPairIndex(pub_key.get());
   if (index < 0)
-    return false;
+    return crypto::ScopedEVP_PKEY();
 
-  private_key->reset(CopyEVP_PKEY(pairs_[index].private_key));
-  return true;
+  return crypto::ScopedEVP_PKEY(CopyEVP_PKEY(pairs_[index].private_key));
 }
 
 void OpenSSLClientKeyStore::Flush() {