author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-21 01:17:52 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-12-21 01:17:52 +0000 |
commit | c777fa0164f2f057d52bdf71767dc379c745806e (patch) | |
tree | a30021f27f1938d3cd6ac58b4fbd294cf730668f /net/third_party | |
parent | 47c26b14b64d322cbc086eedd775a681d5e1d597 (diff) | |
Revert 242219 "Defer TLS session caching until after certificate..."
> Defer TLS session caching until after certificate verification
>
> BUG=305220
> R=wtc@chromium.org, wtc
>
> Review URL: https://codereview.chromium.org/93773007
TBR=rsleevi@chromium.org
Review URL: https://codereview.chromium.org/120043007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@242236 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r-- | net/third_party/nss/README.chromium | 5 | ||||
-rwxr-xr-x | net/third_party/nss/patches/applypatches.sh | 2 | ||||
-rw-r--r-- | net/third_party/nss/patches/sessioncache.patch | 100 | ||||
-rw-r--r-- | net/third_party/nss/ssl/exports_win.def | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl.h | 12 | ||||
-rw-r--r-- | net/third_party/nss/ssl/ssl3con.c | 2 | ||||
-rw-r--r-- | net/third_party/nss/ssl/sslsecur.c | 43 |
7 files changed, 1 insertions, 165 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium index d4f9386..06d3e12 100644 --- a/net/third_party/nss/README.chromium +++ b/net/third_party/nss/README.chromium @@ -163,11 +163,6 @@ Patches: https://bugzilla.mozilla.org/show_bug.cgi?id=930857 patches/disableticketrenewal.patch - * Add explicit functions for managing the SSL/TLS session cache. - This is a temporary workaround until Chromium migrates to NSS's - asynchronous certificate verification. - patches/sessioncache.patch - Apply the patches to NSS by running the patches/applypatches.sh script. Read the comments at the top of patches/applypatches.sh for instructions. diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh index c07f6e5..33850e2 100755 --- a/net/third_party/nss/patches/applypatches.sh +++ b/net/third_party/nss/patches/applypatches.sh @@ -81,5 +81,3 @@ patch -p5 < $patches_dir/tls12backuphash2.patch patch -p4 < $patches_dir/fallbackscsv.patch patch -p4 < $patches_dir/disableticketrenewal.patch - -patch -p4 < $patches_dir/sessioncache.patch diff --git a/net/third_party/nss/patches/sessioncache.patch b/net/third_party/nss/patches/sessioncache.patch deleted file mode 100644 index 11fd9fc..0000000 --- a/net/third_party/nss/patches/sessioncache.patch +++ /dev/null 
@@ -1,100 +0,0 @@
-diff --git a/net/third_party/nss/ssl/exports_win.def b/net/third_party/nss/ssl/exports_win.def
-index e0624f1..a1045bb 100644
---- a/net/third_party/nss/ssl/exports_win.def
-+++ b/net/third_party/nss/ssl/exports_win.def
-@@ -62,3 +62,5 @@ SSL_RestartHandshakeAfterChannelIDReq
- SSL_GetChannelBinding
- SSL_PeerSignedCertTimestamps
- SSL_CipherOrderSet
-+SSL_CacheSession
-+SSL_CacheSessionUnlocked
-diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
-index bef33fc..6f7c988 100644
---- a/net/third_party/nss/ssl/ssl.h
-+++ b/net/third_party/nss/ssl/ssl.h
-@@ -872,6 +872,18 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
- SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
-
- /*
-+** Cache the SSL session associated with fd, if it has not already been cached.
-+*/
-+SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd);
-+
-+/*
-+** Cache the SSL session associated with fd, if it has not already been cached.
-+** This function may only be called when processing within a callback assigned
-+** via SSL_HandshakeCallback
-+*/
-+SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd);
-+
-+/*
- ** Return a SECItem containing the SSL session ID associated with the fd.
- */
- SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
-diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
-index 307a0fe..e2be5e6 100644
---- a/net/third_party/nss/ssl/ssl3con.c
-+++ b/net/third_party/nss/ssl/ssl3con.c
-@@ -11240,7 +11240,7 @@ ssl3_FinishHandshake(sslSocket * ss)
- /* The first handshake is now completed.
*/
- ss->handshake = NULL;
-
-- if (ss->ssl3.hs.cacheSID) {
-+ if (ss->ssl3.hs.cacheSID && ss->sec.isServer) {
- (*ss->sec.cache)(ss->sec.ci.sid);
- ss->ssl3.hs.cacheSID = PR_FALSE;
- }
-diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
-index 31c343f..99538e5 100644
---- a/net/third_party/nss/ssl/sslsecur.c
-+++ b/net/third_party/nss/ssl/sslsecur.c
-@@ -1474,6 +1474,49 @@ SSL_InvalidateSession(PRFileDesc *fd)
- return rv;
- }
-
-+static void
-+ssl3_CacheSessionUnlocked(sslSocket *ss)
-+{
-+ PORT_Assert(!ss->sec.isServer);
-+
-+ if (ss->ssl3.hs.cacheSID) {
-+ ss->sec.cache(ss->sec.ci.sid);
-+ ss->ssl3.hs.cacheSID = PR_FALSE;
-+ }
-+}
-+
-+SECStatus
-+SSL_CacheSession(PRFileDesc *fd)
-+{
-+ sslSocket * ss = ssl_FindSocket(fd);
-+ SECStatus rv = SECFailure;
-+
-+ if (ss) {
-+ ssl_Get1stHandshakeLock(ss);
-+ ssl_GetSSL3HandshakeLock(ss);
-+
-+ ssl3_CacheSessionUnlocked(ss);
-+ rv = SECSuccess;
-+
-+ ssl_ReleaseSSL3HandshakeLock(ss);
-+ ssl_Release1stHandshakeLock(ss);
-+ }
-+ return rv;
-+}
-+
-+SECStatus
-+SSL_CacheSessionUnlocked(PRFileDesc *fd)
-+{
-+ sslSocket * ss = ssl_FindSocket(fd);
-+ SECStatus rv = SECFailure;
-+
-+ if (ss) {
-+ ssl3_CacheSessionUnlocked(ss);
-+ rv = SECSuccess;
-+ }
-+ return rv;
-+}
-+
- SECItem *
- SSL_GetSessionID(PRFileDesc *fd)
- {
diff --git a/net/third_party/nss/ssl/exports_win.def b/net/third_party/nss/ssl/exports_win.def
index a1045bb..e0624f1 100644
--- a/net/third_party/nss/ssl/exports_win.def
+++ b/net/third_party/nss/ssl/exports_win.def
@@ -62,5 +62,3 @@ SSL_RestartHandshakeAfterChannelIDReq
 SSL_GetChannelBinding
 SSL_PeerSignedCertTimestamps
 SSL_CipherOrderSet
-SSL_CacheSession
-SSL_CacheSessionUnlocked
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 6f7c988..bef33fc 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -872,18 +872,6 @@ SSL_IMPORT int SSL_DataPending(PRFileDesc *fd); SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd); /* -** Cache the SSL session associated with fd, if it has not already been cached. -*/ -SSL_IMPORT SECStatus SSL_CacheSession(PRFileDesc *fd); - -/* -** Cache the SSL session associated with fd, if it has not already been cached. -** This function may only be called when processing within a callback assigned -** via SSL_HandshakeCallback -*/ -SSL_IMPORT SECStatus SSL_CacheSessionUnlocked(PRFileDesc *fd); - -/* ** Return a SECItem containing the SSL session ID associated with the fd. */ SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd); diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c index e2be5e6..307a0fe 100644 --- a/net/third_party/nss/ssl/ssl3con.c +++ b/net/third_party/nss/ssl/ssl3con.c @@ -11240,7 +11240,7 @@ ssl3_FinishHandshake(sslSocket * ss) /* The first handshake is now completed. */ ss->handshake = NULL; - if (ss->ssl3.hs.cacheSID && ss->sec.isServer) { + if (ss->ssl3.hs.cacheSID) { (*ss->sec.cache)(ss->sec.ci.sid); ss->ssl3.hs.cacheSID = PR_FALSE; } diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c index 99538e5..31c343f 100644 --- a/net/third_party/nss/ssl/sslsecur.c +++ b/net/third_party/nss/ssl/sslsecur.c 
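Review bot: In the ssl3con.c hunk, dropping `&& ss->sec.isServer` from the `ss->ssl3.hs.cacheSID` check in ssl3_FinishHandshake means client sessions are again handed to `ss->sec.cache` as soon as the handshake finishes. Going by the title of the reverted change, that can be before the caller has finished verifying the server certificate, so a session whose certificate is later rejected may stay resumable from the cache. The commit message gives no reason for the revert and presumably leaves BUG=305220 unfixed, so the restored condition should carry a comment such as `/* NOTE(BUG=305220): on the client this caches the session before the application's certificate verification has completed; callers that reject the certificate should call SSL_InvalidateSession(). */`. The description should also record why r242219 was backed out. ssl3_FinishHandshake starts and ends outside the hunk.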
@@ -1474,49 +1474,6 @@ SSL_InvalidateSession(PRFileDesc *fd) return rv; } -static void -ssl3_CacheSessionUnlocked(sslSocket *ss) -{ - PORT_Assert(!ss->sec.isServer); - - if (ss->ssl3.hs.cacheSID) { - ss->sec.cache(ss->sec.ci.sid); - ss->ssl3.hs.cacheSID = PR_FALSE; - } -} - -SECStatus -SSL_CacheSession(PRFileDesc *fd) -{ - sslSocket * ss = ssl_FindSocket(fd); - SECStatus rv = SECFailure; - - if (ss) { - ssl_Get1stHandshakeLock(ss); - ssl_GetSSL3HandshakeLock(ss); - - ssl3_CacheSessionUnlocked(ss); - rv = SECSuccess; - - ssl_ReleaseSSL3HandshakeLock(ss); - ssl_Release1stHandshakeLock(ss); - } - return rv; -} - -SECStatus -SSL_CacheSessionUnlocked(PRFileDesc *fd) -{ - sslSocket * ss = ssl_FindSocket(fd); - SECStatus rv = SECFailure; - - if (ss) { - ssl3_CacheSessionUnlocked(ss); - rv = SECSuccess; - } - return rv; -} - SECItem * SSL_GetSessionID(PRFileDesc *fd) { |