author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-11 19:59:30 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-11 19:59:30 +0000 |
commit | bd0b6778c885135de711d97b1dae8524168e53e3 (patch) | |
tree | fa0719625c15a24ce28e3b03e6939f0d0e6f08bb /net/base | |
parent | ad1b24adf0c69b9353ac256db6e9bb2bdb09c131 (diff) | |
net: Ensure that when using False Start + client auth, bad client certificates are not cached.
If an SSL handshake fails when client certificates are used, ensure that
the client certificate selected is removed from the SSL client auth
cache. This ensures that the user is prompted to select a certificate
again, as the cause of the failure may have been due to selecting the
wrong certificate or selecting no certificate when one is required.
The existing logic worked when TLS False Start was disabled, but could
fail when False Start was used or when the peer requests renegotiation.
This change ensures the client certificate is removed from the cache by
moving the cache removal layer from the HttpStreamRequest to the
HttpNetworkTransaction.
Patch by: Ryan Sleevi
BUG=66424
TEST=HttpNetworkTransactionTest.ClientAuthCertCache*
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@71071 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/ssl_cert_request_info.cc | 5 | ||||
-rw-r--r-- | net/base/ssl_cert_request_info.h | 3 |
2 files changed, 8 insertions, 0 deletions
diff --git a/net/base/ssl_cert_request_info.cc b/net/base/ssl_cert_request_info.cc
index bb91632..b7728e5 100644
--- a/net/base/ssl_cert_request_info.cc
+++ b/net/base/ssl_cert_request_info.cc
@@ -11,6 +11,11 @@ namespace net {
 SSLCertRequestInfo::SSLCertRequestInfo() {
 }
 
+void SSLCertRequestInfo::Reset() {
+ host_and_port.clear();
+ client_certs.clear();
+}
+
 SSLCertRequestInfo::~SSLCertRequestInfo() {
 }
 
diff --git a/net/base/ssl_cert_request_info.h b/net/base/ssl_cert_request_info.h
index 22eecfe..416e902 100644
--- a/net/base/ssl_cert_request_info.h
+++ b/net/base/ssl_cert_request_info.h
@@ -22,6 +22,9 @@ class SSLCertRequestInfo
 public:
 SSLCertRequestInfo();
 
+ // Resets the SSLCertRequestInfo as if no certificate had been requested.
+ void Reset();
+
 // The host and port of the SSL server that requested client authentication.
 std::string host_and_port;
 
|
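Review bot: Reset() in ssl_cert_request_info.cc clears the members one by one, so a member added to SSLCertRequestInfo later and not added here would keep its value from the previous certificate request. Only host_and_port and client_certs are visible on this page, and the class body continues outside the header hunk, so it is worth confirming that these two are all the data members today. I would add a comment inside the body such as `// Must clear every data member; anything missed here survives into the next certificate request.` The TEST= line names only HttpNetworkTransactionTest cases, so a small direct check that both fields are empty after Reset() would pin the contract.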
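Review bot: The new comment on Reset() in ssl_cert_request_info.h does not say that the object is changed in place, which matters if anything else still holds a pointer to the same SSLCertRequestInfo. The class declaration is cut off in the hunk header, so whether the object is shared or reference-counted is not visible here; if it is, a holder such as a certificate-selection prompt would see the list emptied underneath it. I would extend the comment to `// Resets the SSLCertRequestInfo as if no certificate had been requested. Clears host_and_port and client_certs in place; other holders of this object observe the cleared state.` The class body continues outside the hunk.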