9 files changed, 0 insertions, 107 deletions

diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index 580b184..0aab9a6 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -306,7 +306,6 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
   config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
   config->unrestricted_ssl3_fallback_enabled =
       unrestricted_ssl3_fallback_enabled_.GetValue();
-  SSLConfigServicePref::SetSSLConfigFlags(config);
 }
 
 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
diff --git a/content/browser/browser_main_loop.cc b/content/browser/browser_main_loop.cc
index 2e7ccef..250cb36 100644
--- a/content/browser/browser_main_loop.cc
+++ b/content/browser/browser_main_loop.cc
@@ -398,9 +398,6 @@ void BrowserMainLoop::EarlyInitialization() {
   crypto::EnsureNSPRInit();
 #endif  // !defined(USE_OPENSSL)
 
-  if (parsed_command_line_.HasSwitch(switches::kEnableSSLCachedInfo))
-    net::SSLConfigService::EnableCachedInfo();
-
 #if !defined(OS_IOS)
   if (parsed_command_line_.HasSwitch(switches::kRendererProcessLimit)) {
     std::string limit_string = parsed_command_line_.GetSwitchValueASCII(
diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
index 1a3d9df..415e7ea 100644
--- a/content/public/common/content_switches.cc
+++ b/content/public/common/content_switches.cc
@@ -551,9 +551,6 @@ const char kEnableSpatialNavigation[]       = "enable-spatial-navigation";
 // Enables the synthesis part of the Web Speech API.
 const char kEnableSpeechSynthesis[]         = "enable-speech-synthesis";
 
-// Enables TLS cached info extension.
-const char kEnableSSLCachedInfo[]           = "enable-ssl-cached-info";
-
 // Enables StatsTable, logging statistics to a global named shared memory table.
 const char kEnableStatsTable[]              = "enable-stats-table";
 
diff --git a/content/public/common/content_switches.h b/content/public/common/content_switches.h
index fc273b0..8800d51 100644
--- a/content/public/common/content_switches.h
+++ b/content/public/common/content_switches.h
@@ -166,7 +166,6 @@ CONTENT_EXPORT extern const char kEnableSmoothScrolling[];
 CONTENT_EXPORT extern const char kEnableSoftwareCompositing[];
 CONTENT_EXPORT extern const char kEnableSpatialNavigation[];
 CONTENT_EXPORT extern const char kEnableSpeechSynthesis[];
-extern const char kEnableSSLCachedInfo[];
 CONTENT_EXPORT extern const char kEnableStatsTable[];
 extern const char kEnableStrictSiteIsolation[];
 CONTENT_EXPORT extern const char kEnableServiceWorker[];
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 203ea9e..b46ebbd 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -271,11 +271,6 @@ BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
 
 #endif
 
-void DestroyCertificates(CERTCertificate** certs, size_t len) {
-  for (size_t i = 0; i < len; i++)
-    CERT_DestroyCertificate(certs[i]);
-}
-
 // Helper functions to make it possible to log events from within the
 // SSLClientSocketNSS::Core.
 void AddLogEvent(const base::WeakPtr<BoundNetLog>& net_log,
@@ -615,13 +610,6 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
   bool Init(PRFileDesc* socket, memio_Private* buffers);
 
   // Called on the network task runner.
-  // Sets the predicted certificate chain that the peer will send, for use
-  // with the TLS CachedInfo extension. If called, it must not be called
-  // before Init() or after Connect().
-  void SetPredictedCertificates(
-      const std::vector<std::string>& predicted_certificates);
-
-  // Called on the network task runner.
   //
   // Attempts to perform an SSL handshake. If the handshake cannot be
   // completed synchronously, returns ERR_IO_PENDING, invoking |callback| on
@@ -1064,57 +1052,6 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
   return true;
 }
 
-void SSLClientSocketNSS::Core::SetPredictedCertificates(
-    const std::vector<std::string>& predicted_certs) {
-  if (predicted_certs.empty())
-    return;
-
-  if (!OnNSSTaskRunner()) {
-    DCHECK(!detached_);
-    nss_task_runner_->PostTask(
-        FROM_HERE,
-        base::Bind(&Core::SetPredictedCertificates, this, predicted_certs));
-    return;
-  }
-
-  DCHECK(nss_fd_);
-
-  predicted_certs_ = predicted_certs;
-
-  scoped_ptr<CERTCertificate*[]> certs(
-      new CERTCertificate*[predicted_certs.size()]);
-
-  for (size_t i = 0; i < predicted_certs.size(); i++) {
-    SECItem derCert;
-    derCert.data = const_cast<uint8*>(reinterpret_cast<const uint8*>(
-        predicted_certs[i].data()));
-    derCert.len = predicted_certs[i].size();
-    certs[i] = CERT_NewTempCertificate(
-        CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */,
-        PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */);
-    if (!certs[i]) {
-      DestroyCertificates(&certs[0], i);
-      NOTREACHED();
-      return;
-    }
-  }
-
-  SECStatus rv;
-#ifdef SSL_ENABLE_CACHED_INFO
-  rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(),
-                                        predicted_certs.size());
-  DCHECK_EQ(SECSuccess, rv);
-#else
-  rv = SECFailure;  // Not implemented.
-#endif
-  DestroyCertificates(&certs[0], predicted_certs.size());
-
-  if (rv != SECSuccess) {
-    LOG(WARNING) << "SetPredictedCertificates failed: "
-                 << host_and_port_.ToString();
-  }
-}
-
 int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) {
   if (!OnNSSTaskRunner()) {
     DCHECK(!detached_);
@@ -3268,14 +3205,6 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
                          "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS");
   }
 
-// Chromium patch to libssl
-#ifdef SSL_ENABLE_CACHED_INFO
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
-                     ssl_config_.cached_info_enabled);
-  if (rv != SECSuccess)
-    LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO");
-#endif
-
   rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index d5d04b20..79af3c0 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -331,7 +331,6 @@ class SSLServerSocketTest : public PlatformTest {
         crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector));
 
     net::SSLConfig ssl_config;
-    ssl_config.cached_info_enabled = false;
     ssl_config.false_start_enabled = false;
     ssl_config.channel_id_enabled = false;
 
diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc
index a28c46d..ec9fcc3 100644
--- a/net/ssl/ssl_config_service.cc
+++ b/net/ssl/ssl_config_service.cc
@@ -40,7 +40,6 @@ SSLConfig::SSLConfig()
       rev_checking_required_local_anchors(false),
       version_min(g_default_version_min),
       version_max(g_default_version_max),
-      cached_info_enabled(false),
       channel_id_enabled(true),
       false_start_enabled(true),
       signed_cert_timestamps_enabled(true),
@@ -79,8 +78,6 @@ SSLConfigService::SSLConfigService()
     : observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {
 }
 
-static bool g_cached_info_enabled = false;
-
 // GlobalCRLSet holds a reference to the global CRLSet. It simply wraps a lock
 // around a scoped_refptr so that getting a reference doesn't race with
 // updating the CRLSet.
@@ -114,15 +111,6 @@ scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
   return g_crl_set.Get().Get();
 }
 
-void SSLConfigService::EnableCachedInfo() {
-  g_cached_info_enabled = true;
-}
-
-// static
-bool SSLConfigService::cached_info_enabled() {
-  return g_cached_info_enabled;
-}
-
 // static
 uint16 SSLConfigService::default_version_min() {
   return g_default_version_min;
@@ -148,11 +136,6 @@ void SSLConfigService::NotifySSLConfigChange() {
 SSLConfigService::~SSLConfigService() {
 }
 
-// static
-void SSLConfigService::SetSSLConfigFlags(SSLConfig* ssl_config) {
-  ssl_config->cached_info_enabled = g_cached_info_enabled;
-}
-
 void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
                                            const SSLConfig& new_config) {
   bool config_changed =
diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h
index 0b19e30..08a59fd 100644
--- a/net/ssl/ssl_config_service.h
+++ b/net/ssl/ssl_config_service.h
@@ -96,7 +96,6 @@ struct NET_EXPORT SSLConfig {
   // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
   std::vector<uint16> disabled_cipher_suites;
 
-  bool cached_info_enabled;  // True if TLS cached info extension is enabled.
   bool channel_id_enabled;   // True if TLS channel ID extension is enabled.
   bool false_start_enabled;  // True if we'll use TLS False Start.
   // True if the Certificate Transparency signed_certificate_timestamp
@@ -194,11 +193,6 @@ class NET_EXPORT SSLConfigService
   static void SetCRLSet(scoped_refptr<CRLSet> crl_set);
   static scoped_refptr<CRLSet> GetCRLSet();
 
-  // Enables the TLS cached info extension, which allows the server to send
-  // just a digest of its certificate chain.
-  static void EnableCachedInfo();
-  static bool cached_info_enabled();
-
   // Gets the default minimum protocol version.
   static uint16 default_version_min();
 
@@ -223,9 +217,6 @@ class NET_EXPORT SSLConfigService
 
   virtual ~SSLConfigService();
 
-  // SetFlags sets the values of several flags based on global configuration.
-  static void SetSSLConfigFlags(SSLConfig* ssl_config);
-
   // Process before/after config update.
   void ProcessConfigUpdate(const SSLConfig& orig_config,
                            const SSLConfig& new_config);
diff --git a/net/ssl/ssl_config_service_defaults.cc b/net/ssl/ssl_config_service_defaults.cc
index 1d96977..c512ed8 100644
--- a/net/ssl/ssl_config_service_defaults.cc
+++ b/net/ssl/ssl_config_service_defaults.cc
@@ -11,7 +11,6 @@ SSLConfigServiceDefaults::SSLConfigServiceDefaults() {
 
 void SSLConfigServiceDefaults::GetSSLConfig(SSLConfig* config) {
   *config = default_config_;
-  SetSSLConfigFlags(config);
 }
 
 SSLConfigServiceDefaults::~SSLConfigServiceDefaults() {