Use NSS instead of the system SSL library for SSL if

the --use-nss-for-ssl or --use-flip command-line switch
is specified.

R=mark,mbelshe
BUG=28744
TEST=Run chrome.exe with and without --use-nss-for-ssl.
SSL should work in both cases.
Review URL: http://codereview.chromium.org/555186

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37931 0039d316-1c4b-4281-b951-d872f2087c98

4 files changed, 71 insertions, 10 deletions

diff --git a/net/net.gyp b/net/net.gyp
index d020e57..37e89a8 100755
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -434,6 +434,7 @@
         'socket/ssl_client_socket.h',
         'socket/ssl_client_socket_mac.cc',
         'socket/ssl_client_socket_mac.h',
+        'socket/ssl_client_socket_nss_factory.cc',
         'socket/ssl_client_socket_nss.cc',
         'socket/ssl_client_socket_nss.h',
         'socket/ssl_client_socket_win.cc',
@@ -528,6 +529,7 @@
           {  # else: OS != "win"
             'sources!': [
               'proxy/proxy_resolver_winhttp.cc',
+              'socket/ssl_client_socket_nss_factory.cc',
             ],
           },
         ],
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 9458381..6a3a4cc 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -17,6 +17,27 @@
 
 namespace net {
 
+namespace {
+
+SSLClientSocket* DefaultSSLClientSocketFactory(
+    ClientSocket* transport_socket,
+    const std::string& hostname,
+    const SSLConfig& ssl_config) {
+#if defined(OS_WIN)
+  return new SSLClientSocketWin(transport_socket, hostname, ssl_config);
+#elif defined(USE_NSS)
+  return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+#elif defined(OS_MACOSX)
+  return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
+#else
+  NOTIMPLEMENTED();
+  return NULL;
+#endif
+}
+
+// True if we should use NSS instead of the system SSL library for SSL.
+SSLClientSocketFactory g_ssl_factory = DefaultSSLClientSocketFactory;
+
 class DefaultClientSocketFactory : public ClientSocketFactory {
  public:
   virtual ClientSocket* CreateTCPClientSocket(
@@ -28,22 +49,21 @@ class DefaultClientSocketFactory : public ClientSocketFactory {
       ClientSocket* transport_socket,
       const std::string& hostname,
       const SSLConfig& ssl_config) {
-#if defined(OS_WIN)
-    return new SSLClientSocketWin(transport_socket, hostname, ssl_config);
-#elif defined(USE_NSS)
-    return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
-#elif defined(OS_MACOSX)
-    return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-#else
-    NOTIMPLEMENTED();
-    return NULL;
-#endif
+    return g_ssl_factory(transport_socket, hostname, ssl_config);
   }
 };
 
+}  // namespace
+
 // static
 ClientSocketFactory* ClientSocketFactory::GetDefaultFactory() {
   return Singleton<DefaultClientSocketFactory>::get();
 }
 
+// static
+void ClientSocketFactory::SetSSLClientSocketFactory(
+    SSLClientSocketFactory factory) {
+  g_ssl_factory = factory;
+}
+
 }  // namespace net
diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h
index 6f4ff17..988cf97 100644
--- a/net/socket/client_socket_factory.h
+++ b/net/socket/client_socket_factory.h
@@ -14,6 +14,18 @@ class ClientSocket;
 class SSLClientSocket;
 struct SSLConfig;
 
+// Callback function to create new SSLClientSocket objects.
+typedef SSLClientSocket* (*SSLClientSocketFactory)(
+    ClientSocket* transport_socket,
+    const std::string& hostname,
+    const SSLConfig& ssl_config);
+
+// Creates SSLClientSocketNSS objects.
+SSLClientSocket* SSLClientSocketNSSFactory(
+    ClientSocket* transport_socket,
+    const std::string& hostname,
+    const SSLConfig& ssl_config);
+
 // An interface used to instantiate ClientSocket objects.  Used to facilitate
 // testing code with mock socket implementations.
 class ClientSocketFactory {
@@ -30,6 +42,10 @@ class ClientSocketFactory {
 
   // Returns the default ClientSocketFactory.
   static ClientSocketFactory* GetDefaultFactory();
+
+  // Instructs the default ClientSocketFactory to use |factory| to create
+  // SSLClientSocket objects.
+  static void SetSSLClientSocketFactory(SSLClientSocketFactory factory);
 };
 
 }  // namespace net
diff --git a/net/socket/ssl_client_socket_nss_factory.cc b/net/socket/ssl_client_socket_nss_factory.cc
new file mode 100644
index 0000000..cb5333d
--- /dev/null
+++ b/net/socket/ssl_client_socket_nss_factory.cc
@@ -0,0 +1,23 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/client_socket_factory.h"
+
+#include "net/socket/ssl_client_socket_nss.h"
+
+// This file is only used on platforms where NSS is not the system SSL
+// library.  When compiled, this file is the only object module that pulls
+// in the dependency on NSPR and NSS.  This allows us to control which
+// projects depend on NSPR and NSS on those platforms.
+
+namespace net {
+
+SSLClientSocket* SSLClientSocketNSSFactory(
+    ClientSocket* transport_socket,
+    const std::string& hostname,
+    const SSLConfig& ssl_config) {
+  return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+}
+
+}  // namespace net