Linux: allow TLS renegotiation.

Linux: allow TLS renegotiation.

Renegotiation was disabled when we switched to using our internal version of
NSS. The default in the new versions is to prohibit renegotiation. However,
since we are a client this is rather pointless. An attacker can easily convince
us to start a new TLS connection to a host if they wish.

BUG=none
TEST=Go to a site that uses renegotiation (generally because they want to request a client-side cert).

[wtc, 2010-01-05 19:48:50]

LGTM.

Perhaps it's better to patch our copy of libSSL so that
SSL_RENEGOTIATE_UNRESTRICTED is the default.  This way
when we update to NSS 3.12.6, which will use the renegotiation
info extension as the default, we will be able to use it.
(See my second comment below.)

http://codereview.chromium.org/501178/diff/1/2
File net/socket/ssl_client_socket_nss.cc (right):

http://codereview.chromium.org/501178/diff/1/2#newcode318
net/socket/ssl_client_socket_nss.cc:318: /* We allow servers to request
renegotiation. Since we're a client,
Please use C++ comment delimiter "//" because this is a C++
file.

http://codereview.chromium.org/501178/diff/1/2#newcode323
net/socket/ssl_client_socket_nss.cc:323: SSL_RENEGOTIATE_UNRESTRICTED);
We should file a bug to remind us to change this when we
update to NSS 3.12.6, which will implement the renegotiation
info extension.

[agl, 2010-01-06 01:36:17]

Have filed bug 31647 for this.

I didn't patch libssl in this case because I think that the overhead of tracking
the small change to a 3rd party library is greater than the benefit in this
case.