net: don't remember TLS intolerant servers.

I've seen a couple of reports recently where is was clear that an SNI-only
hostname had ended up in the list of TLS-intolerant servers. The result is that
the user sees the non-SNI certificate for that IP address, which doesn't match
the requested hostname. The only way to clear this is to restart Chrome.

This change partly reverts r45088 so that we will no longer remember
TLS-intolerant servers. This means that we'll perform SSLv3 fallback for every
connection, if needed. That's unfortunate for truly TLS-intolerant servers, but
it also means that we'll get back to TLS much faster in the event of a
transient network error trigger fallback.

BUG=none
TEST=net_unittests


Review URL: http://codereview.chromium.org/10218007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134129 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 1 insertions, 0 deletions

diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium
index ea99656..916fd36 100644
--- a/third_party/tlslite/README.chromium
+++ b/third_party/tlslite/README.chromium
@@ -30,3 +30,4 @@ Local Modifications:
 - patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were
   updated to add a parseChain method, that can parse multiple certificates from
   a PEM string.
+- patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server.