author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-03 02:09:36 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-03 02:09:36 +0000 |
commit | abe48d303fe241d38e30df64cc6c4ea197be61d9 (patch) | |
tree | bd865297c541bf8408c9eeaa1361b823f24bd3bf | |
parent | 591703a67c02301d57201c7e6962b7eea1360541 (diff) | |
Use NSS instead of the system SSL library for SSL if
the --use-nss-for-ssl or --use-flip command-line switch
is specified.
R=mark,mbelshe
BUG=28744
TEST=Run chrome.exe with and without --use-nss-for-ssl.
SSL should work in both cases.
Review URL: http://codereview.chromium.org/555186
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37931 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/browser_main.cc | 9 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 4 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rwxr-xr-x | net/net.gyp | 2 | ||||
-rw-r--r-- | net/socket/client_socket_factory.cc | 40 | ||||
-rw-r--r-- | net/socket/client_socket_factory.h | 16 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss_factory.cc | 23 |
7 files changed, 85 insertions, 10 deletions
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc
index a0ba774..38588ff 100644
--- a/chrome/browser/browser_main.cc
+++ b/chrome/browser/browser_main.cc
@@ -65,6 +65,7 @@
 #include "net/base/cookie_monster.h"
 #include "net/base/net_module.h"
 #include "net/http/http_network_session.h"
+#include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_pool_base.h"
 #if defined(OS_POSIX)
@@ -717,6 +718,14 @@ int BrowserMain(const MainFunctionParams& parameters) {
 }
 }
+#if defined(OS_WIN)
+ if (parsed_command_line.HasSwitch(switches::kUseNSSForSSL) ||
+ parsed_command_line.HasSwitch(switches::kUseFlip)) {
+ net::ClientSocketFactory::SetSSLClientSocketFactory(
+ net::SSLClientSocketNSSFactory);
+ }
+#endif
+
 // Try to create/load the profile.
 ProfileManager* profile_manager = browser_process->profile_manager();
 Profile* profile = profile_manager->GetDefaultProfile(user_data_dir);
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 2939d4b..658eb0f 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -619,6 +619,10 @@ const char kUninstall[] = "uninstall";
 // This is a temporary testing flag.
 const char kUseFlip[] = "use-flip";
+// Use NSS instead of the system SSL library for SSL.
+// This is a temporary testing flag.
+const char kUseNSSForSSL[] = "use-nss-for-ssl";
+
 // Force all requests to go to this server. This commandline is provided
 // for testing purposes only, and will likely be removed soon. It can also
 // hurt startup performance as it does a synchronous name resolution on the
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 3c04fa7..6eda64a 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
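Review bot: In the `#if defined(OS_WIN)` block added to BrowserMain in chrome/browser/browser_main.cc, `--use-flip` silently selects a different TLS stack as a side effect, and nothing at the call site says why. Certificate validation and handshake behaviour then come from SSLClientSocketNSS rather than the system library, which matters to anyone triaging a TLS report from a FLIP test run. Add a comment on the condition, for example `// FLIP needs the NSS SSL stack on Windows, so --use-flip implies --use-nss-for-ssl.` if that is the reason, and consider logging which stack was selected. The call also has to run before the first SSL socket is created; BrowserMain's body continues outside the hunk, so that ordering cannot be confirmed from here.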
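Review bot: The comment on `kUseNSSForSSL` in chrome/common/chrome_switches.cc does not say that the switch is honoured only on Windows, where browser_main.cc checks it inside `#if defined(OS_WIN)`; on other platforms it is accepted and ignored. I would extend it to `// Use NSS instead of the system SSL library for SSL (Windows only; also implied by --use-flip).` and add the matching sentence to the `kUseFlip` comment above it.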
@@ -180,6 +180,7 @@ extern const char kTrustedPlugins[];
 extern const char kTryChromeAgain[];
 extern const char kUninstall[];
 extern const char kUseFlip[];
+extern const char kUseNSSForSSL[];
 extern const char kFixedHost[];
 extern const char kFixedHttpPort[];
 extern const char kFixedHttpsPort[];
diff --git a/net/net.gyp b/net/net.gyp
index d020e57..37e89a8 100755
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -434,6 +434,7 @@
 'socket/ssl_client_socket.h',
 'socket/ssl_client_socket_mac.cc',
 'socket/ssl_client_socket_mac.h',
+ 'socket/ssl_client_socket_nss_factory.cc',
 'socket/ssl_client_socket_nss.cc',
 'socket/ssl_client_socket_nss.h',
 'socket/ssl_client_socket_win.cc',
@@ -528,6 +529,7 @@
 { # else: OS != "win"
 'sources!': [
 'proxy/proxy_resolver_winhttp.cc',
+ 'socket/ssl_client_socket_nss_factory.cc',
 ],
 },
 ],
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 9458381..6a3a4cc 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -17,6 +17,27 @@
 namespace net {
+namespace {
+
+SSLClientSocket* DefaultSSLClientSocketFactory(
+ ClientSocket* transport_socket,
+ const std::string& hostname,
+ const SSLConfig& ssl_config) {
+#if defined(OS_WIN)
+ return new SSLClientSocketWin(transport_socket, hostname, ssl_config);
+#elif defined(USE_NSS)
+ return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+#elif defined(OS_MACOSX)
+ return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
+#else
+ NOTIMPLEMENTED();
+ return NULL;
+#endif
+}
+
+// True if we should use NSS instead of the system SSL library for SSL.
+SSLClientSocketFactory g_ssl_factory = DefaultSSLClientSocketFactory;
+
 class DefaultClientSocketFactory : public ClientSocketFactory {
 public:
 virtual ClientSocket* CreateTCPClientSocket(
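Review bot: The comment above `g_ssl_factory` in net/socket/client_socket_factory.cc describes a boolean ("True if we should use NSS…"), but the variable is a function pointer that defaults to `DefaultSSLClientSocketFactory`. Suggested wording: `// Creates SSL sockets for DefaultClientSocketFactory. Defaults to the platform library; replaced by SetSSLClientSocketFactory().` It would also help to say that this is an unsynchronized process-wide global, so it should be written only once during startup. The anonymous namespace opened here and the DefaultClientSocketFactory class continue outside the hunk.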
@@ -28,22 +49,21 @@ class DefaultClientSocketFactory : public ClientSocketFactory {
 ClientSocket* transport_socket,
 const std::string& hostname,
 const SSLConfig& ssl_config) {
-#if defined(OS_WIN)
- return new SSLClientSocketWin(transport_socket, hostname, ssl_config);
-#elif defined(USE_NSS)
- return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
-#elif defined(OS_MACOSX)
- return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-#else
- NOTIMPLEMENTED();
- return NULL;
-#endif
+ return g_ssl_factory(transport_socket, hostname, ssl_config);
 }
 };
+} // namespace
+
 // static
 ClientSocketFactory* ClientSocketFactory::GetDefaultFactory() {
 return Singleton<DefaultClientSocketFactory>::get();
 }
+// static
+void ClientSocketFactory::SetSSLClientSocketFactory(
+ SSLClientSocketFactory factory) {
+ g_ssl_factory = factory;
+}
+
 } // namespace net
diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h
index 6f4ff17..988cf97 100644
--- a/net/socket/client_socket_factory.h
+++ b/net/socket/client_socket_factory.h
@@ -14,6 +14,18 @@ class ClientSocket;
 class SSLClientSocket;
 struct SSLConfig;
+// Callback function to create new SSLClientSocket objects.
+typedef SSLClientSocket* (*SSLClientSocketFactory)(
+ ClientSocket* transport_socket,
+ const std::string& hostname,
+ const SSLConfig& ssl_config);
+
+// Creates SSLClientSocketNSS objects.
+SSLClientSocket* SSLClientSocketNSSFactory(
+ ClientSocket* transport_socket,
+ const std::string& hostname,
+ const SSLConfig& ssl_config);
+
 // An interface used to instantiate ClientSocket objects. Used to facilitate
 // testing code with mock socket implementations.
 class ClientSocketFactory {
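Review bot: `ClientSocketFactory::SetSSLClientSocketFactory` in net/socket/client_socket_factory.cc stores whatever pointer it is given, so a NULL argument turns the next `CreateSSLClientSocket` call into a call through a null function pointer. The global is also assigned without any synchronization while socket creation reads it, so a call made after networking has started is a data race and can leave connections in one process on two different TLS stacks. I would add `DCHECK(factory);` before the assignment. The header comment in the `@@ -30,6 +42,10 @@` hunk of client_socket_factory.h should also state that the function must be called once, during startup, before any SSL socket is created.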
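Review bot: `SSLClientSocketNSSFactory` is declared unconditionally in net/socket/client_socket_factory.h, but its only definition is in ssl_client_socket_nss_factory.cc, which net.gyp removes from the build when OS != "win". A caller on another platform would compile and then fail at link time; the one caller in this commit is guarded by `#if defined(OS_WIN)`. Either wrap the declaration in the same guard or say so in its comment, e.g. `// Creates SSLClientSocketNSS objects. Only defined in builds that compile ssl_client_socket_nss_factory.cc (currently Windows).`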
@@ -30,6 +42,10 @@ class ClientSocketFactory {
 // Returns the default ClientSocketFactory.
 static ClientSocketFactory* GetDefaultFactory();
+
+ // Instructs the default ClientSocketFactory to use |factory| to create
+ // SSLClientSocket objects.
+ static void SetSSLClientSocketFactory(SSLClientSocketFactory factory);
 };
 } // namespace net
diff --git a/net/socket/ssl_client_socket_nss_factory.cc b/net/socket/ssl_client_socket_nss_factory.cc
new file mode 100644
index 0000000..cb5333d
--- /dev/null
+++ b/net/socket/ssl_client_socket_nss_factory.cc
@@ -0,0 +1,23 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/client_socket_factory.h"
+
+#include "net/socket/ssl_client_socket_nss.h"
+
+// This file is only used on platforms where NSS is not the system SSL
+// library. When compiled, this file is the only object module that pulls
+// in the dependency on NSPR and NSS. This allows us to control which
+// projects depend on NSPR and NSS on those platforms.
+
+namespace net {
+
+SSLClientSocket* SSLClientSocketNSSFactory(
+ ClientSocket* transport_socket,
+ const std::string& hostname,
+ const SSLConfig& ssl_config) {
+ return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+}
+
+} // namespace net |
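Review bot: Nothing in net/socket/ssl_client_socket_nss_factory.cc or in the commit's TEST line covers the failure paths of the alternate stack; "SSL should work in both cases" exercises only successful handshakes. Once this factory is installed, certificate-chain and hostname checks are made by SSLClientSocketNSS instead of the system library, and whether it uses the same trust store and revocation settings on Windows is not visible on this page. I would add to the test plan that expired, self-signed and name-mismatched certificates produce the same error with and without `--use-nss-for-ssl`. The answer could be recorded in the file comment, e.g. `// Certificate verification with this factory: <describe trust store used>.`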