Ensure that when using False Start + client auth, bad client certificates are not cached

net/http/http_stream_request.cc

Index: net/http/http_stream_request.cc
diff --git a/net/http/http_stream_request.cc b/net/http/http_stream_request.cc
index 485dba738c39f5bb4089afb1666469b95d40939f..e42bb3342f9c4d02ccbd78d18ab75ac3c76ba367 100644
--- a/net/http/http_stream_request.cc
+++ b/net/http/http_stream_request.cc
@@ -739,7 +739,7 @@ int HttpStreamRequest::DoInitConnectionComplete(int result) {
       }
     }
     if (result < 0)
-      return HandleSSLHandshakeError(result);
+      return result;
   }
 
   next_state_ = STATE_CREATE_STREAM;
@@ -1021,35 +1021,6 @@ int HttpStreamRequest::HandleCertificateError(int error) {
   return error;
 }
 
-int HttpStreamRequest::HandleSSLHandshakeError(int error) {
-  if (ssl_config()->send_client_cert &&
-      (error == ERR_SSL_PROTOCOL_ERROR ||
-       error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
-    session_->ssl_client_auth_cache()->Remove(
-        GetHostAndPort(request_info().url));
-  }
-
-  switch (error) {
-    case ERR_SSL_PROTOCOL_ERROR:
-    case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
-    case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
-    case ERR_SSL_BAD_RECORD_MAC_ALERT:
-      if (ssl_config()->tls1_enabled &&
-          !SSLConfigService::IsKnownStrictTLSServer(
-          request_info().url.host())) {
-        // This could be a TLS-intolerant server, an SSL 3.0 server that
-        // chose a TLS-only cipher suite or a server with buggy DEFLATE
-        // support. Turn off TLS 1.0, DEFLATE support and retry.
-        factory_->AddTLSIntolerantServer(request_info().url);
-        next_state_ = STATE_INIT_CONNECTION;
-        DCHECK(!connection_.get() || !connection_->socket());
-        error = OK;
-      }
-      break;
-  }
-  return error;
-}
-
 void HttpStreamRequest::SwitchToSpdyMode() {
   if (HttpStreamFactory::spdy_enabled())
     using_spdy_ = true;