2 files changed, 11 insertions, 0 deletions

diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index db94f69..b79658c 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -137,6 +137,9 @@ NET_ERROR(SOCKS_CONNECTION_HOST_UNREACHABLE, -121)
 // There is no more data left in the logical stream.
 NET_ERROR(END_OF_STREAM, -122)
 
+// The peer sent an SSL no_renegotiation alert message.
+NET_ERROR(SSL_NO_RENEGOTIATION, -123)
+
 // Certificate error codes
 //
 // The values of certificate error codes must be consecutive.
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 5acfa0f..5d464b5 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -58,6 +58,7 @@ static int MapSecurityError(SECURITY_STATUS err) {
     case SEC_E_ALGORITHM_MISMATCH:
       return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
     case SEC_E_INVALID_HANDLE:
+    case SEC_E_INVALID_TOKEN:
       return ERR_UNEXPECTED;
     case SEC_E_OK:
       return OK;
@@ -882,6 +883,13 @@ int SSLClientSocketWin::DidCallInitializeSecurityContext() {
   if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS)
     return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
 
+  if (isc_status_ == SEC_I_NO_RENEGOTIATION) {
+    // Received a no_renegotiation alert message.  Although this is just a
+    // warning, SChannel doesn't seem to allow us to continue after this
+    // point, so we have to return an error.  See http://crbug.com/36835.
+    return ERR_SSL_NO_RENEGOTIATION;
+  }
+
   DCHECK(isc_status_ == SEC_I_CONTINUE_NEEDED);
   if (in_buffers_[1].BufferType == SECBUFFER_EXTRA) {
     memmove(recv_buffer_.get(),