| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index 8fad0a021d91b1b554018f74ddbe78d99626f2c3..2165be0c7dec40d06759e5da25b80b670d1af6f6 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -518,6 +518,12 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
|
| // verified, and may not be called within an NSS callback.
|
| void CacheSessionIfNecessary();
|
|
|
| + // Only for unit testing.
|
| + // This should only be called before Connect().
|
| + void ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key);
|
| +
|
| private:
|
| friend class base::RefCountedThreadSafe<Core>;
|
| ~Core();
|
| @@ -779,6 +785,9 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
|
| // on the NSS task runner.
|
| scoped_ptr<crypto::ECPrivateKey> channel_id_key_;
|
|
|
| + // Used only for unit testing.
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key_;
|
| +
|
| DISALLOW_COPY_AND_ASSIGN(Core);
|
| };
|
|
|
| @@ -1196,7 +1205,12 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
|
| if (core->ssl_config_.client_cert.get()) {
|
| CERTCertificate* cert =
|
| CERT_DupCertificate(core->ssl_config_.client_cert->os_cert_handle());
|
| - SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
|
| + SECKEYPrivateKey* privkey = NULL;
|
| + if (core->client_private_key_.get()) {
|
| + privkey = SECKEY_CopyPrivateKey(core->client_private_key_->key());
|
| + } else {
|
| + privkey = PK11_FindKeyByAnyCert(cert, wincx);
|
| + }
|
| if (privkey) {
|
| // TODO(jsorianopastor): We should wait for server certificate
|
| // verification before sending our credentials. See
|
| @@ -2353,6 +2367,14 @@ void SSLClientSocketNSS::Core::SetChannelIDProvided() {
|
| nss_handshake_state_));
|
| }
|
|
|
| +void SSLClientSocketNSS::Core::ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key) {
|
| + ssl_config_.send_client_cert = true;
|
| + ssl_config_.client_cert = client_cert;
|
| + client_private_key_ = client_private_key.Pass();
|
| +}
|
| +
|
| SSLClientSocketNSS::SSLClientSocketNSS(
|
| scoped_ptr<ClientSocketHandle> transport_socket,
|
| const HostPortPair& host_and_port,
|
| @@ -3185,6 +3207,13 @@ void SSLClientSocketNSS::ReorderNextProtos(NextProtoVector* next_protos) {
|
| (*next_protos)[0] = fallback_proto;
|
| }
|
|
|
| +void SSLClientSocketNSS::ForceClientCertificateAndKeyForTest(
|
| + scoped_refptr<X509Certificate> client_cert,
|
| + scoped_ptr<crypto::RSAPrivateKey> client_private_key) {
|
| + core_->ForceClientCertificateAndKeyForTest(client_cert,
|
| + client_private_key.Pass());
|
| +}
|
| +
|
| ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
|
| return channel_id_service_;
|
| }
|
|
|
Chromium Code Reviews
Issue 994743003:
Support for client certs in ssl_server_socket.
Base URL: https://chromium.googlesource.com/chromium/src.git@master