Detect Kaspersky SSL MITM and give a helpful error message.

net/base/net_error_list.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file intentionally does not have header guards, it's included
 // inside a macro to generate enum.
 
 // This file contains the list of network errors.
 
 //
@@ skipping 169 matching lines @@
 // of an HTTP proxy.
 NET_ERROR(PROXY_CONNECTION_FAILED, -130)
 
 // A mandatory proxy configuration could not be used. Currently this means
 // that a mandatory PAC script could not be fetched, parsed or executed.
 NET_ERROR(MANDATORY_PROXY_CONFIGURATION_FAILED, -131)
 
 // We detected an ESET product intercepting our HTTPS connections. Since these
 // products are False Start intolerant, we return this error so that we can
 // give the user a helpful error message rather than have the connection hang.
+// See also: KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION
 NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132)
 
 // We've hit the max socket limit for the socket pool while preconnecting.  We
 // don't bother trying to preconnect more sockets.
 NET_ERROR(PRECONNECT_MAX_SOCKET_LIMIT, -133)
 
 // The permission to use the SSL client certificate's private key was denied.
 NET_ERROR(SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED, -134)
 
 // The SSL client certificate has no private key.
@@ skipping 24 matching lines @@
 // Possible causes for this include the user implicitly or explicitly
 // denying access to the private key, the private key may not be valid for
 // signing, the key may be relying on a cached handle which is no longer
 // valid, or the CSP won't allow arbitrary data to be signed.
 NET_ERROR(SSL_CLIENT_AUTH_SIGNATURE_FAILED, -141)
 
 // The message was too large for the transport.  (for example a UDP message
 // which exceeds size threshold).
 NET_ERROR(MSG_TOO_BIG, -142)
 
+// We detected a Kaspersky product intercepting our HTTPS connections. This
+// interacts badly with our SSL stack for unknown reasons (disabling False
+// Start doesn't help). We return this error so that we can give the user a
+// helpful error message rather than have the connection hang.
+// See also: ESET_ANTI_VIRUS_SSL_INTERCEPTION
+NET_ERROR(KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION, -143)
+
 // Connection was aborted for switching to another ptotocol.
 // WebSocket abort SocketStream connection when alternate protocol is found.
 NET_ERROR(PROTOCOL_SWITCHED, -146)
 
 // Returned when attempting to bind an address that is already in use.
 NET_ERROR(ADDRESS_IN_USE, -147)
 
-// NOTE: error codes 143-145 are available, please use those before adding
+// NOTE: error codes 144-145 are available, please use those before adding
 // 148.
 
 // Certificate error codes
 //
 // The values of certificate error codes must be consecutive.
 
 // The server responded with a certificate whose common name did not match
 // the host name.  This could mean:
 //
 // 1. An attacker has redirected our traffic to his server and is
@@ skipping 309 matching lines @@
 // 2 - Server failure - The name server was unable to process this query
 //     due to a problem with the name server.
 // 4 - Not Implemented - The name server does not support the requested
 //     kind of query.
 // 5 - Refused - The name server refuses to perform the specified
 //     operation for policy reasons.
 NET_ERROR(DNS_SERVER_FAILED, -802)
 
 // DNS transaction timed out.
 NET_ERROR(DNS_TIMED_OUT, -803)