net: disable renegotiation checks.
Although we have a handle on the problems of corporate MITM proxies,
users are now reporting that anti-virus programs are choosing to
implement their virus scanning by MITM attacking local SSL/TLS
connections.
It only appears to be some anti-virus programs in some configurations,
but we don't really have a good idea of the scope of the issue so this
patch disables the renegotiation checks (for merging to the stable
branch) while we work on a better solution.
BUG=55410
TEST=none
http://codereview.chromium.org/3340024/show
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59241 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index f9f36af..035007f 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -517,7 +517,9 @@
#endif
#ifdef SSL_ENABLE_RENEGOTIATION
- if (SSLConfigService::IsKnownStrictTLSServer(hostname_) &&
+ // Deliberately disable this check for now: http://crbug.com/55410
+ if (false &&
+ SSLConfigService::IsKnownStrictTLSServer(hostname_) &&
!ssl_config_.mitm_proxies_allowed) {
rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
if (rv != SECSuccess)
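Review bot: The `if (false &&` guard at the top of the SSL_ENABLE_RENEGOTIATION block stops SSL_REQUIRE_SAFE_NEGOTIATION from being set for any host, including the ones IsKnownStrictTLSServer() matches when mitm_proxies_allowed is unset, and it leaves the branch as dead code that only another patch can turn back on. Consider gating on a named constant or a configuration switch rather than a literal `false`, so the relaxation is visible and reversible, and extend the comment to state what has to be true before the check is restored. With TEST=none nothing will flag it if the `false` is left in place, so a test that asserts the option's state for a known strict host would help when the check comes back.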