Don't resend payload after Snap Start misprediction.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 2247 matching lines @@
   }
 
   if (result == OK)
     LogConnectionTypeMetrics();
 
   completed_handshake_ = true;
   // TODO(ukai): we may not need this call because it is now harmless to have a
   // session with a bad cert.
   InvalidateSessionIfBadCertificate();
 
-  // Likewise, if we merged a Write call into the handshake we need to make the
+  // If we merged a Write call into the handshake we need to make the
   // callback now.
   if (user_write_callback_) {
     corked_ = false;
-    DoWriteCallback(user_write_buf_len_);
+    if (result != OK) {
+      DoWriteCallback(result);
+    } else {
+      SSLSnapStartResult snap_start_type;
+      SECStatus rv = SSL_GetSnapStartResult(nss_fd_, &snap_start_type);
+      DCHECK_EQ(rv, SECSuccess);
+      DCHECK_NE(snap_start_type, SSL_SNAP_START_NONE);
+      if (snap_start_type == SSL_SNAP_START_RECOVERY ||
+          snap_start_type == SSL_SNAP_START_RESUME_RECOVERY) {
+        // If we mispredicted the server's handshake then Snap Start will have
+        // triggered a recovery mode. The misprediction could have been caused
+        // by the server having a different certificate so the application data
+        // wasn't resent. Now that we have verified the certificate, we need to
+        // resend the application data.
+        int bytes_written = DoPayloadWrite();
+        if (bytes_written != ERR_IO_PENDING)
+          DoWriteCallback(bytes_written);
+      }

[wtc, 2010/11/02 22:29:17]

IMPORTANT: I believe we need to add 'else' here, at line 2289, for the
snap-start correct prediction case:
      } else {
        DoWriteCallback(user_write_buf_len_);
      }

Do you agree?

Basically, inside the if (user_write_callback_) statement that starts on line
2270, we should always call DoWriteCallback except when the
DoPayloadWrite call on line 2286 returns ERR_IO_PENDING.

+    }
   }
 
   // Exit DoHandshakeLoop and return the result to the caller to Connect.
   DCHECK(next_handshake_state_ == STATE_NONE);
   return result;
 }
 
 int SSLClientSocketNSS::DoPayloadRead() {
   EnterFunction(user_read_buf_len_);
   DCHECK(user_read_buf_);
@@ skipping 71 matching lines @@
     case SSL_CONNECTION_VERSION_TLS1_1:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);
       break;
     case SSL_CONNECTION_VERSION_TLS1_2:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);
       break;
   };
 }
 
 }  // namespace net