Merge to M74: Fix client certificate requests atop HTTP auth proxies.

(Done by hand. Minor merge conflict to tests in
http_network_transaction_unittest.cc, but fix had to be recreated as
ClientSocketPoolBaseHelper was not inlined at the time, and
SetAdditionalErrorState was still GetAdditionalErrorState in the other
direction.)

https://chromium-review.googlesource.com/c/chromium/src/+/1481900
reworked HTTP proxy auth to use pre-bound ConnectJob/Request pairs. In
doing so, it missed a handle->SetAdditionalErrorState(job) call (then
job->GetAdditionalErrorState(handle)). This call is used to pass the
SSLCertRequestInfo up the stack.

This meant that client-cert-requesting origin servers, combined with
HTTP-auth-using proxies would cause SSLCertRequestInfo to be null.
Depending on whether //net or //content was the first to use the
SSLCertRequestInfo, this would either crash the network service or the
browser process, though the latter is only possible due to a bug in the
network service (https://crbug.com/956304).

Fix this by adding the missing call. That requires tweaking
FindAndRemoveBoundRequestForConnectJob slightly so the ConnectJob isn't
destroyed so early.

(cherry picked from commit 2eb827f477c8f4b22d6c85601edefd06c3926ae5)

Bug: 946406
Change-Id: Ic7cab7d508cc680c114fe3b4cc0dc2d1d34487ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1584745
Commit-Queue: David Benjamin <davidben@chromium.org>
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#654932}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1589249
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/branch-heads/3729@{#953}
Cr-Branched-From: d4a8972e30b604f090aeda5dfff68386ae656267-refs/heads/master@{#638880}
5 files changed