Linux: allow TLS renegotiation.

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index c013ed8bc10f04b1c41db369d2048f8109c8438f..ed50e16099a6afa1aabb46d5331c0ff53c3bd486 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -314,6 +314,17 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
      LOG(INFO) << "SSL_ENABLE_DEFLATE failed.  Old system nss?";
 #endif
 
+#ifdef SSL_ENABLE_RENEGOTIATION
+  /* We allow servers to request renegotiation. Since we're a client,

[wtc, 2010/01/05 19:48:51]

Please use C++ comment delimiter "//" because this is a C++
file.

+   * prohibiting this is rather a waste of time. Only servers are in a position
+   * to prevent renegotiation attacks.
+   * http://extendedsubset.com/?p=8 */
+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
+                     SSL_RENEGOTIATE_UNRESTRICTED);

[wtc, 2010/01/05 19:48:51]

We should file a bug to remind us to change this when we
update to NSS 3.12.6, which will implement the renegotiation
info extension.

+  if (rv != SECSuccess)
+     LOG(INFO) << "SSL_ENABLE_RENEGOTIATION failed.";
+#endif
+
 #ifdef SSL_NEXT_PROTO_NEGOTIATED
   if (!ssl_config_.next_protos.empty()) {
     rv = SSL_SetNextProtoNego(