net: expect MITM attacks with HTTP proxies and command line flag.

With r51258 we started requiring the TLS renegotiation extension from a
whitelist of servers that we knew supported it. When Chrome is getting MITM
attacked, this extension can be removed and this broke some debugging tools
(which intercept SSL connections) and some proxies which do the same.

This patch causes us to expect to be MITM attacked when tunneling via an HTTP
proxy and when the --allow-ssl-mitm-proxies command line flag is given.

BUG=48485
TEST=Can't really test without one of these MITM proxy machines.

http://codereview.chromium.org/3111019

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56727 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index bc00a4ef..529e7a4 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -22,6 +22,12 @@ const char kActivateOnLaunch[]              = "activate-on-launch";
 // override for developers who need the old behavior for testing.
 const char kAllowFileAccessFromFiles[]      = "allow-file-access-from-files";
 
+// Disable checking of the renegotiation extension and any future checks over
+// and above what a "traditional" SSL stack might do. This has been requested
+// in order to support some web development tools that intercept SSL
+// connections.
+const char kAllowSSLMITMProxies[]           = "allow-ssl-mitm-proxies";
+
 // Allows debugging of sandboxed processes (see zygote_main_linux.cc).
 const char kAllowSandboxDebugging[]         = "allow-sandbox-debugging";