Index: net/base/ssl_cert_request_info.h |
diff --git a/net/base/ssl_cert_request_info.h b/net/base/ssl_cert_request_info.h |
index 3be3b94259b892cac7ce4a2b796f2de27e388143..46dc3864b4a7ab82c4653dd36152dbd267ebf668 100644 |
--- a/net/base/ssl_cert_request_info.h |
+++ b/net/base/ssl_cert_request_info.h |
@@ -10,6 +10,7 @@ |
#include "base/memory/ref_counted.h" |
#include "net/base/net_export.h" |
+#include "net/base/ssl_client_cert_type.h" |
namespace net { |
@@ -31,6 +32,12 @@ class NET_EXPORT SSLCertRequestInfo |
// the request. False, if the server was the origin server. |
bool is_proxy; |
+ // True if |client_certs| is always empty because it is not possible |
+ // to generate the list of compatible client certificates before |
+ // prompting the user. This happens on Android. In this case, the values |
+ // of |valid_cas| and |valid_key_types| must be used instead. |
+ bool no_client_certs; |
wtc1
2012/12/15 00:56:18
(I didn't read the previous discussions in this co
digit1
2012/12/18 15:19:15
Yes, this is now the plan, first patch to achieve
|
+ |
// A list of client certificates that match the server's criteria in the |
// SSL CertificateRequest message. In TLS 1.0, the CertificateRequest |
// message is defined as: |
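Review bot: The new comment on `no_client_certs` tells callers to fall back to `valid_cas` and `valid_key_types`, but the hunk at -47,6 declares those two members only under `#if defined(USE_OPENSSL)`, while this flag is unconditional. On a build without that define the flag would still exist with nothing to fall back on, so either move `bool no_client_certs;` inside the same guard or state in the comment that the fallback fields are OpenSSL-only. The constructor is outside the visible hunks; if it is not updated with `no_client_certs(false)`, the flag is read uninitialised and a certificate selector could take the wrong branch. The class body starts and ends outside this hunk.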
@@ -47,6 +54,16 @@ class NET_EXPORT SSLCertRequestInfo |
// } CertificateRequest; |
std::vector<scoped_refptr<X509Certificate> > client_certs; |
+#if defined(USE_OPENSSL) |
+ // The list of valid certificate authorities the server recognizes. |
+ // Each item is a DER-encoded X.509 DistinguishedName. |
+ std::vector<std::string> valid_cas; |
+ |
+ // The list of certificate signing key types that the server |
+ // supports. |
+ std::vector<SSLClientCertType> valid_key_types; |
wtc1
2012/12/15 00:56:18
I suggest using the names from the TLS protocol (s
digit1
2012/12/18 15:19:15
I agree, I wasn't really satisfied with these name
|
+#endif |
+ |
private: |
friend class base::RefCountedThreadSafe<SSLCertRequestInfo>; |
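Review bot: The comment on `valid_cas` does not say what an empty list means. In TLS an empty certificate_authorities list lets the client send a certificate from any issuer, so a selector that filters on an empty `valid_cas` would hide every certificate. I would add `// An empty list means the server did not restrict the issuer.` above the member. The entries presumably come straight from the peer's CertificateRequest, so a second line such as `// Entries are raw bytes from the peer and are not validated here.` would tell consumers to parse them defensively. The code that fills both vectors is not part of this diff.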