Disable SPDY IP pooling for SSL connections with client authentication.

Add a "bool client_cert_sent" member to SSLInfo to extract this info
from SSLClientSocket.

R=rtenneti@chromium.org
BUG=101778
TEST=new unit test

Review URL: http://codereview.chromium.org/8401024

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107671 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 2 deletions

diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
index 8f3505a..6eff60f 100644
--- a/net/spdy/spdy_session.h
+++ b/net/spdy/spdy_session.h
@@ -99,9 +99,13 @@ class NET_EXPORT SpdySession : public base::RefCounted<SpdySession>,
 
   // Check to see if this SPDY session can support an additional domain.
   // If the session is un-authenticated, then this call always returns true.
-  // For SSL-based sessions, verifies that the certificate in use by this
-  // session provides authentication for the domain.
+  // For SSL-based sessions, verifies that the server certificate in use by
+  // this session provides authentication for the domain and no client
+  // certificate was sent to the original server during the SSL handshake.
   // NOTE:  This function can have false negatives on some platforms.
+  // TODO(wtc): rename this function and the Net.SpdyIPPoolDomainMatch
+  // histogram because this function does more than verifying domain
+  // authentication now.
   bool VerifyDomainAuthentication(const std::string& domain);
 
   // Send the SYN frame for |stream_id|. This also sends PING message to check