NSS and NPN: send NextProtocol on resume and disable NPN without SPDY.

NPN on resume was broken symmetrically between OpenSSL and NSS (which
is probably why we didn't notice for so long). OpenSSL wasn't
expecting the message and NSS wasn't sending it.

This change sends the NextProtocol message when resuming and disables
NPN when not using SPDY.

The reason for the latter is that we have GFEs deployed which don't
expect NextProtocol when resuming and we have to wait some time before
they get replaced. Because of this, we can't have NPN enabled by
default. Instead, we'll use --host-resolver-rules to redirect
everything to known-good GFEs in the mean time.

http://codereview.chromium.org/841003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41433 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index d2227a6..45bf853 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -8447,6 +8447,14 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
 	if (doStepUp || ss->writerThread == PR_GetCurrentThread()) {
 	    flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
 	}
+
+	if (!isServer) {
+	    rv = ssl3_SendNextProto(ss);
+	    if (rv != SECSuccess) {
+		goto xmit_loser;        /* err code was set. */
+	    }
+	}
+
 	rv = ssl3_SendFinished(ss, flags);
 	if (rv != SECSuccess) {
 	    goto xmit_loser;	/* err is set. */