Support for client certs in ssl_server_socket.

net/socket/ssl_server_socket_openssl.h

Index: net/socket/ssl_server_socket_openssl.h
diff --git a/net/socket/ssl_server_socket_openssl.h b/net/socket/ssl_server_socket_openssl.h
index c64f070599f40249a4b9c2b17597dc26b3b4ee62..0985fcdd5f6c592be0388889bc1328953882fcda 100644
--- a/net/socket/ssl_server_socket_openssl.h
+++ b/net/socket/ssl_server_socket_openssl.h
@@ -19,6 +19,7 @@
 typedef struct bio_st BIO;
 // <openssl/ssl.h>
 typedef struct ssl_st SSL;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
 
 namespace net {
 
@@ -36,6 +37,9 @@ class SSLServerSocketOpenSSL : public SSLServerSocket {
 
   // SSLServerSocket interface.
   int Handshake(const CompletionCallback& callback) override;
+  void SetRequireClientCert(bool require_client_cert) override;
+  void SetClientCertCAList(const CertificateList& client_cert_ca_list) override;
+  void SetClientCertVerifier(CertVerifier* client_cert_verifier) override;
 
   // SSLSocket interface.
   int ExportKeyingMaterial(const base::StringPiece& label,
@@ -104,6 +108,8 @@ class SSLServerSocketOpenSSL : public SSLServerSocket {
   void DoWriteCallback(int result);
 
   int Init();
+  void ExtractClientCert();
+  static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg);
 
   // Members used to send and receive buffer.
   bool transport_send_busy_;
@@ -147,9 +153,18 @@ class SSLServerSocketOpenSSL : public SSLServerSocket {
   // Private key used by the server.
   scoped_ptr<crypto::RSAPrivateKey> key_;
 
+  // Certificate for the client.
+  scoped_refptr<X509Certificate> client_cert_;
+
   State next_handshake_state_;
   bool completed_handshake_;
 
+  // Information to be used in CertificateRequest message.
+  CertificateList client_cert_ca_list_;
+
+  // Used to provide callback for client certificate verification.
+  CertVerifier* client_cert_verifier_;
+
   DISALLOW_COPY_AND_ASSIGN(SSLServerSocketOpenSSL);
 };