author agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-09-13 18:10:08 +0000
committer agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-09-13 18:10:08 +0000
commit 304b0e350dbadef7d1d418fcd17ef42c922612ca (patch)
tree 320c2924293921b18172be12759d471db1b4e553 /net/socket
parent 5e4a1d06dfc1d5b4149b083247017dd781fdac74 (diff)
net: disable renegotiation checks.

Although we have a handle on the problems of corporate MITM proxies, users are now reporting the anti-virus programs are choosing to implement their virus scanning by MITM attacking local SSL/TLS connections.

It only appears to be some anti-virus programs in some configurations, but we don't really have a good idea of the scope of the issue so this patch disables the renegotiation checks (for merging to the stable branch) while we work on a better solution.

BUG=55410
TEST=none

http://codereview.chromium.org/3340024/show

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@59241 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'net/socket')
-rw-r--r-- net/socket/ssl_client_socket_nss.cc 4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index f9f36af..035007f 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -517,7 +517,9 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
#endif
#ifdef SSL_ENABLE_RENEGOTIATION
- if (SSLConfigService::IsKnownStrictTLSServer(hostname_) &&
+ // Deliberately disable this check for now: http://crbug.com/55410
+ if (false &&
+ SSLConfigService::IsKnownStrictTLSServer(hostname_) &&
!ssl_config_.mitm_proxies_allowed) {
rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
if (rv != SECSuccess)
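Review bot: The literal `if (false &&` on the added lines short-circuits the whole condition, so SSL_REQUIRE_SAFE_NEGOTIATION is never set for any connection, including hosts where IsKnownStrictTLSServer(hostname_) is true and mitm_proxies_allowed is false. That removes the safe-renegotiation requirement for exactly the servers the list was built to protect, and the remaining operands become dead code that nothing exercises. I would rather see this behind a named switch (a build-time define or a field on ssl_config_) than a hard-coded false, so the check can be turned back on without another source change and the intent is searchable. The comment should also say what has to be resolved in crbug.com/55410 before the check is restored, not only link to it. With TEST=none in the commit message, nothing will flag it if this stays disabled longer than intended, so a test that asserts the option state for a known-strict host would be worth adding alongside the follow-up fix.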