net: detect and error out with ESET HTTPS interception + False Start

ESET products (anti-virus) and NetNanny can intercept HTTPS connections. However,
they're False Start intolerant. Rather than have connections hang
forever, we detect them by the leaf certificate's issuer common name
and give a helpful error message.

BUG=58152
TEST=Install ESET anti-virus. Configure to intercept HTTPS connections. Goto https://mail.google.com. Confirm that a helpful error page appears.

Review URL: http://codereview.chromium.org/3723001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62209 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 7b9809b..db567c4 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -178,6 +178,14 @@ class SSLClientSocketNSS : public SSLClientSocket {
   // Write call into a Snap Start handshake.
   bool pseudo_connected_;
 
+  // True iff we believe that the user has an ESET product intercepting our
+  // HTTPS connections.
+  bool eset_mitm_detected_;
+
+  // True iff we believe that the user has NetNanny intercepting our HTTPS
+  // connections.
+  bool netnanny_mitm_detected_;
+
   // This pointer is owned by the caller of UseDNSSEC.
   DNSSECProvider* dnssec_provider_;
   // The time when we started waiting for DNSSEC records.