From fd4f139fe08bc9596a7295fb5fee8300fb34856a Mon Sep 17 00:00:00 2001
From: "wtc@chromium.org"
 <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 11 Jun 2010 17:02:20 +0000
Subject: Second attempt to land r49489.

Use NSS for SSL by default on Mac OS X.

To use Mac OS X Secure Transport in Chromium, specify the --use-system-ssl
command-line switch, which also replaced the --use-schannel command-line
switch for Windows. All other programs are hardcoded to use NSS for SSL.

If SSL client authentication is requested, fall back on Mac OS X Secure
Transport for now.

Original review URL: http://codereview.chromium.org/2747002/show

R=mark,mbelshe
BUG=30689
TEST=none
Review URL: http://codereview.chromium.org/2769012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49540 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/browser_main.cc | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

(limited to 'chrome/browser/browser_main.cc')

diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc
index 6675bba..fc85d36 100644
--- a/chrome/browser/browser_main.cc
+++ b/chrome/browser/browser_main.cc
@@ -136,6 +136,7 @@
 #include "net/base/net_util.h"
 #include "net/base/sdch_manager.h"
 #include "net/base/winsock_init.h"
+#include "net/socket/ssl_client_socket_nss_factory.h"
 #include "printing/printed_document.h"
 #include "sandbox/src/sandbox.h"
 #endif  // defined(OS_WIN)
@@ -143,11 +144,11 @@
 #if defined(OS_MACOSX)
 #include <Security/Security.h>
 #include "chrome/browser/cocoa/install_from_dmg.h"
+#include "net/socket/ssl_client_socket_mac_factory.h"
 #endif
 
 #if defined(OS_MACOSX) || defined(OS_WIN)
 #include "base/nss_util.h"
-#include "net/socket/ssl_client_socket_nss_factory.h"
 #endif
 
 #if defined(TOOLKIT_VIEWS)
@@ -800,15 +801,21 @@ int BrowserMain(const MainFunctionParams& parameters) {
     }
   }
 
-#if defined(OS_MACOSX) || defined(OS_WIN)
-#if defined(OS_WIN)
-  bool use_nss_for_ssl = !parsed_command_line.HasSwitch(switches::kUseSChannel);
-#else
-  bool use_nss_for_ssl = parsed_command_line.HasSwitch(switches::kUseNSSForSSL);
-#endif
-  if (use_nss_for_ssl ||
-      parsed_command_line.HasSwitch(switches::kUseSpdy) ||
-      is_spdy_trial) {
+  // Use NSS for SSL by default.
+#if defined(OS_MACOSX)
+  // The default client socket factory uses NSS for SSL by default on Mac.
+  if (parsed_command_line.HasSwitch(switches::kUseSystemSSL)) {
+    net::ClientSocketFactory::SetSSLClientSocketFactory(
+        net::SSLClientSocketMacFactory);
+  } else {
+    // We want to be sure to init NSPR on the main thread.
+    base::EnsureNSPRInit();
+  }
+#elif defined(OS_WIN)
+  // Because of a build system issue (http://crbug.com/43461), the default
+  // client socket factory uses SChannel (the system SSL library) for SSL by
+  // default on Windows.
+  if (!parsed_command_line.HasSwitch(switches::kUseSystemSSL)) {
     net::ClientSocketFactory::SetSSLClientSocketFactory(
         net::SSLClientSocketNSSFactory);
     // We want to be sure to init NSPR on the main thread.
-- 
cgit v1.1