Move client certificates retrieval logic out of the SSL sockets.

CL 11879048 introduces ClientCertStore API providing client certificate
lookup/filtering logic currently being done at the SSL socket level. This patch
removes this logic from the sockets, plugging the new API in the upper layers instead.

BUG=170374


Review URL: https://chromiumcodereview.appspot.com/12035105

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181104 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 9 deletions

diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index bf53d17..158cff3 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -1168,15 +1168,10 @@ int SocketStream::HandleCertificateRequest(int result, SSLConfig* ssl_config) {
   if (!client_cert)
     return result;
 
-  const std::vector<scoped_refptr<X509Certificate> >& client_certs =
-      cert_request_info->client_certs;
-  bool cert_still_valid = false;
-  for (size_t i = 0; i < client_certs.size(); ++i) {
-    if (client_cert->Equals(client_certs[i])) {
-      cert_still_valid = true;
-      break;
-    }
-  }
+  const std::vector<std::string>& cert_authorities =
+      cert_request_info->cert_authorities;
+  bool cert_still_valid = cert_authorities.empty() ||
+      client_cert->IsIssuedByEncoded(cert_authorities);
   if (!cert_still_valid)
     return result;