net: remove special case for Kaspersky HTTPS

Kaspersky released an updated version some months ago and hopefully most users
have upgraded by now.

BUG=86208
TEST=none

Review URL: https://chromiumcodereview.appspot.com/9419014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122835 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 3 insertions, 50 deletions

diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 8c68471..4bb3e57 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -7165,9 +7165,6 @@ The following plug-in is unresponsive: <ph name="PLUGIN_NAME">$1
       <message name="IDS_ERRORPAGES_HEADING_ESET_ANTI_VIRUS_SSL_INTERCEPTION" desc="Heading of the error page when we detect that ESET anti-virus is running and intercepting our HTTPS connections. 'ESET' is a product name and may be best left untranslated.">
         Cannot make secure connection because of ESET anti-virus
       </message>
-      <message name="IDS_ERRORPAGES_HEADING_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION" desc="Heading of the error page when we detect that Kaspersky anti-virus is running and intercepting our HTTPS connections. 'Kaspersky' is a product name and may be best left untranslated.">
-        Cannot make secure connection because of Kaspersky anti-virus
-      </message>
       <message name="IDS_ERRORPAGES_HEADING_BLOCKED" desc="Heading of the error page when a request is blocked by an extension.">
         This webpage was blocked by an extension
       </message>
@@ -7341,19 +7338,6 @@ The following plug-in is unresponsive: <ph name="PLUGIN_NAME">$1
         instructions.
       </message>
 
-      <message name="IDS_ERRORPAGES_SUMMARY_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION" desc="Summary in the error page when we detect that Kaspersky anti-virus is running and intercepting our HTTPS connections. 'Kaspersky' is a product name and may be best left untranslated. 'Learn more' should be the contents of IDS_LEARN_MORE.">
-        <ph name="PRODUCT_NAME">&lt;span jscontent="productName"&gt;&lt;/span&gt;<ex>Google Chrome</ex></ph>
-        has detected that a Kaspersky product is intercepting secure connections.
-        This is typically not a security issue as the Kaspersky software is
-        usually running on the same computer. However, due to an intolerance
-        to specific aspects of
-        <ph name="PRODUCT_NAME">&lt;span jscontent="productName"&gt;&lt;/span&gt;<ex>Google Chrome</ex></ph>'s
-        secure connections, Kaspersky products have to be configured to not
-        perform this interception. Click the 'Learn more' link for
-        instructions which guide you to the configuration option that should be
-        disabled.
-      </message>
-
       <message name="IDS_ERRORPAGES_SUMMARY_NETNANNY_SSL_INTERCEPTION" desc="Summary in the error page when we detect that NetNanny is running and intercepting our HTTPS connections. 'NetNanny' is a product name and may be best left untranslated. 'Learn more' should be the contents of IDS_LEARN_MORE.">
         <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> has detected that
         NetNanny is intercepting secure connections. This is typically
diff --git a/chrome/renderer/localized_error.cc b/chrome/renderer/localized_error.cc
index 8ff8964..889266c 100644
--- a/chrome/renderer/localized_error.cc
+++ b/chrome/renderer/localized_error.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -37,9 +37,6 @@ static const char kWeakDHKeyLearnMoreUrl[] =
     "err_ssl_weak_server_ephemeral_dh_key";
 static const char kESETLearnMoreUrl[] =
     "http://kb.eset.com/esetkb/index?page=content&id=SOLN2588";
-static const char kKasperskyLearnMoreUrl[] =
-    "http://support.kaspersky.com/kav2012/settings/options"
-    "?print=true&qid=208284701";
 #if defined(OS_CHROMEOS)
 static const char kAppWarningLearnMoreUrl[] =
     "chrome-extension://honijodknafkokifofgiaalefdiedpko/main.html"
@@ -248,13 +245,6 @@ const LocalizedErrorMap net_error_options[] = {
    IDS_ERRORPAGES_DETAILS_SSL_PROTOCOL_ERROR,
    SUGGEST_LEARNMORE,
   },
-  {net::ERR_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION,
-   IDS_ERRORPAGES_TITLE_LOAD_FAILED,
-   IDS_ERRORPAGES_HEADING_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION,
-   IDS_ERRORPAGES_SUMMARY_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION,
-   IDS_ERRORPAGES_DETAILS_SSL_PROTOCOL_ERROR,
-   SUGGEST_LEARNMORE,
-  },
   {net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN,
    IDS_ERRORPAGES_TITLE_LOAD_FAILED,
    IDS_ERRORPAGES_HEADING_PINNING_FAILURE,
@@ -628,9 +618,6 @@ void LocalizedError::GetStrings(const WebKit::WebURLError& error,
       case net::ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION:
         learn_more_url = GURL(kESETLearnMoreUrl);
         break;
-      case net::ERR_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION:
-        learn_more_url = GURL(kKasperskyLearnMoreUrl);
-        break;
       default:
         break;
     }
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 8f27cd7..750f9ad 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -202,7 +202,6 @@ NET_ERROR(MANDATORY_PROXY_CONFIGURATION_FAILED, -131)
 // We detected an ESET product intercepting our HTTPS connections. Since these
 // products are False Start intolerant, we return this error so that we can
 // give the user a helpful error message rather than have the connection hang.
-// See also: KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION
 NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132)
 
 // We've hit the max socket limit for the socket pool while preconnecting.  We
@@ -247,12 +246,7 @@ NET_ERROR(SSL_CLIENT_AUTH_SIGNATURE_FAILED, -141)
 // which exceeds size threshold).
 NET_ERROR(MSG_TOO_BIG, -142)
 
-// We detected a Kaspersky product intercepting our HTTPS connections. This
-// interacts badly with our SSL stack for unknown reasons (disabling False
-// Start doesn't help). We return this error so that we can give the user a
-// helpful error message rather than have the connection hang.
-// See also: ESET_ANTI_VIRUS_SSL_INTERCEPTION
-NET_ERROR(KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION, -143)
+// Error cdoe -143 available.
 
 // Violation of limits (e.g. imposed to prevent DoS).
 NET_ERROR(LIMIT_VIOLATION, -144)
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 9c74ecb..094b07e 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -454,7 +454,6 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
       completed_handshake_(false),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       eset_mitm_detected_(false),
-      kaspersky_mitm_detected_(false),
       predicted_cert_chain_correct_(false),
       next_handshake_state_(STATE_NONE),
       nss_fd_(NULL),
@@ -652,7 +651,6 @@ void SSLClientSocketNSS::Disconnect() {
   ssl_connection_status_ = 0;
   completed_handshake_   = false;
   eset_mitm_detected_    = false;
-  kaspersky_mitm_detected_ = false;
   start_cert_verification_time_ = base::TimeTicks();
   predicted_cert_chain_correct_ = false;
   nss_bufs_              = NULL;
@@ -1446,8 +1444,6 @@ int SSLClientSocketNSS::DoHandshake() {
     if (handshake_callback_called_) {
       if (eset_mitm_detected_) {
         net_error = ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION;
-      } else if (kaspersky_mitm_detected_) {
-        net_error = ERR_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION;
       } else {
         // We need to see if the predicted certificate chain (in
         // |ssl_host_info_->state().certs) matches the actual certificate chain
@@ -2148,18 +2144,13 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
   if (cert) {
     char* common_name = CERT_GetCommonName(&cert->issuer);
     if (common_name) {
-      if (false_start && strcmp(common_name, "ESET_RootSslCert") == 0)
+      if (false_start && strcmp(common_name, "ESET_RootSslCert") == 0) {
         // ESET anti-virus is capable of intercepting HTTPS connections on
         // Windows.  However, it is False Start intolerant and causes the
         // connections to hang forever. We detect ESET by the issuer of the
         // leaf certificate and set a flag to return a specific error, giving
         // the user instructions for reconfiguring ESET.
         that->eset_mitm_detected_ = true;
-      if (strcmp(common_name,
-                 "Kaspersky Anti-Virus personal root certificate") == 0) {
-        // Kaspersky has an unknown intolerance to our HTTPS handshakes and so
-        // we detect and give a more helpful error message.
-        that->kaspersky_mitm_detected_ = true;
       }
       if (false_start &&
           strcmp(common_name, "ContentWatch Root Certificate Authority") == 0) {
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index e9f4f48..3ce5b78 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -276,9 +276,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
   // True iff we believe that the user has an ESET product intercepting our
   // HTTPS connections.
   bool eset_mitm_detected_;
-  // True iff we believe that the user has a Kaspersky product intercepting our
-  // HTTPS connections.
-  bool kaspersky_mitm_detected_;
 
   // True iff |ssl_host_info_| contained a predicted certificate chain and
   // that we found the prediction to be correct.