Clear the SSL Client Auth cache when a new SSL Client Certificate is...

net/socket/client_socket_factory.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/client_socket_factory.h"
 
 #include "base/lazy_instance.h"
 #include "build/build_config.h"
 #include "net/socket/client_socket_handle.h"
 #if defined(OS_WIN)
-#include "net/socket/ssl_client_socket_win.h"
+#include "net/socket/ssl_client_socket_nss.h"
+#include "net/socket/ssl_client_socket_win_factory.h"
 #elif defined(USE_OPENSSL)
 #include "net/socket/ssl_client_socket_openssl.h"
 #elif defined(USE_NSS)
 #include "net/socket/ssl_client_socket_nss.h"
 #elif defined(OS_MACOSX)
+#include "net/socket/ssl_client_socket_mac_factory.h"
 #include "net/socket/ssl_client_socket_nss.h"
 #endif
 #include "net/socket/ssl_host_info.h"
 #include "net/socket/tcp_client_socket.h"
 
 namespace net {
 
 class DnsCertProvenanceChecker;
 
 namespace {
 
 SSLClientSocket* DefaultSSLClientSocketFactory(
     ClientSocketHandle* transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     SSLHostInfo* ssl_host_info,
     CertVerifier* cert_verifier,
     DnsCertProvenanceChecker* dns_cert_checker) {
   scoped_ptr<SSLHostInfo> shi(ssl_host_info);
 #if defined(OS_WIN)
-  return new SSLClientSocketWin(transport_socket, host_and_port, ssl_config,
-                                cert_verifier);
+  return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
+                                shi.release(), cert_verifier, dns_cert_checker);
 #elif defined(USE_OPENSSL)
   return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
                                     ssl_config, cert_verifier);
 #elif defined(USE_NSS)
   return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
                                 shi.release(), cert_verifier, dns_cert_checker);
 #elif defined(OS_MACOSX)
   return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
                                 shi.release(), cert_verifier, dns_cert_checker);
 #else
@@ skipping 42 matching lines @@
   return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
                                ssl_host_info, cert_verifier,
                                NULL /* DnsCertProvenanceChecker */);
 }
 
 // static
 ClientSocketFactory* ClientSocketFactory::GetDefaultFactory() {
   return g_default_client_socket_factory.Pointer();
 }
 
-// static
-void ClientSocketFactory::SetSSLClientSocketFactory(
-    SSLClientSocketFactory factory) {
-  g_ssl_factory = factory;
+void ClientSocketFactory::UseSystemSSL() {

[wtc, 2011/02/23 00:38:38]

This function can just set a global boolean flag:
  bool g_use_system_ssl;

and DefaultClientSocketFactory::CreateSSLClientSocket
can do either new SSLClientSocketNSS or
new SSLClientSocket{Mac,Win} depending on the value of
g_use_system_ssl.

IMPORTANT: the reason I had to use g_ssl_factory for
Windows was that I had doubly-defined symbol linker errors
when linking some ChromeFrame test programs because
those test programs were also linked with NSPR (a dependency
of NSS).  It's possible that this build problem has been
fixed, so we can just use the simpler g_use_system_ssl
method.

Please watch out for ChromeFrame test program build failures
when you check in this CL.

+#if defined(OS_WIN)
+  g_ssl_factory = net::SSLClientSocketWinFactory;
+#elif defined(OS_MACOSX)
+  g_ssl_factory = net::SSLClientSocketMacFactory;

[wtc, 2011/02/23 00:38:38]

Nit: remove the net:: prefix because this file is in the
'net' namespace.

+#endif
+  SSLClientSocket::UseSystemClearSSLSessionCache();
 }
 
 }  // namespace net