Enable session resumption in SSLServerSocketNSS and unit tests

SSL_ConfigServerSessionIDCache() is being used in SSLServerSocketNSS and
enabling session resumption since passes are now passing.

BUG=67236
TEST=net_unittests, remoting_unittests

Review URL: http://codereview.chromium.org/6370008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72186 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 2 insertions, 22 deletions

diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index f47392d..9a44895 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -23,9 +23,8 @@ SSLConfig::SSLConfig()
     : rev_checking_enabled(true), ssl3_enabled(true),
       tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false),
       dns_cert_provenance_checking_enabled(false),
-      session_resume_disabled(false), mitm_proxies_allowed(false),
-      false_start_enabled(true), send_client_cert(false),
-      verify_ev_cert(false), ssl3_fallback(false) {
+      mitm_proxies_allowed(false), false_start_enabled(true),
+      send_client_cert(false), verify_ev_cert(false), ssl3_fallback(false) {
 }
 
 SSLConfig::~SSLConfig() {
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 0a9d569e..413d076 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -35,11 +35,6 @@ struct SSLConfig {
   // True if we'll do async checks for certificate provenance using DNS.
   bool dns_cert_provenance_checking_enabled;
 
-  // TODO(hclam): This option is used to simplify the SSLServerSocketNSS
-  // implementation and should be removed when session caching is implemented.
-  // See http://crbug.com/67236 for more details.
-  bool session_resume_disabled;  // Don't allow session resume.
-
   // Cipher suites which should be explicitly prevented from being used in
   // addition to those disabled by the net built-in policy -- by default, all
   // cipher suites supported by the underlying SSL implementation will be
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 3444d8d..d006d58 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -614,13 +614,6 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
   #error "You need to install NSS-3.12 or later to build chromium"
 #endif
 
-  rv = SSL_OptionSet(nss_fd_, SSL_NO_CACHE,
-                     ssl_config_.session_resume_disabled);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_NO_CACHE");
-    return ERR_UNEXPECTED;
-  }
-
 #ifdef SSL_ENABLE_DEFLATE
   // Some web servers have been found to break if TLS is used *or* if DEFLATE
   // is advertised. Thus, if TLS is disabled (probably because we are doing
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 270aff0..283ba50 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -292,12 +292,6 @@ int SSLServerSocketNSS::InitializeSSLOptions() {
     return ERR_UNEXPECTED;
   }
 
-  rv = SSL_OptionSet(nss_fd_, SSL_NO_CACHE, PR_TRUE);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_NO_CACHE");
-    return ERR_UNEXPECTED;
-  }
-
   rv = SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_ConfigureServerSessionIDCache", "");
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index ca2c884..122d183 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -241,7 +241,6 @@ class SSLServerSocketTest : public PlatformTest {
     ssl_config.snap_start_enabled = false;
     ssl_config.ssl3_enabled = true;
     ssl_config.tls1_enabled = true;
-    ssl_config.session_resume_disabled = true;
 
     // Certificate provided by the host doesn't need authority.
     net::SSLConfig::CertAndStatus cert_and_status;