The network_moved check in DoHandshakeLoop should only apply to

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 1240 matching lines @@
   }
 
   int rv = DoReadLoop(result);
   if (rv != ERR_IO_PENDING)
     DoReadCallback(rv);
   LeaveFunction("");
 }
 
 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
   EnterFunction(last_io_result);
-  bool network_moved;
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
     // (This is a quirk carried over from the windows
     // implementation.  It makes reading the logs a bit harder.)
     // State handlers can and often do call GotoState just
     // to stay in the current state.
     State state = next_handshake_state_;
     GotoState(STATE_NONE);
     switch (state) {
-      case STATE_NONE:
-        // we're just pumping data between the buffer and the network
-        break;
       case STATE_LOAD_SSL_HOST_INFO:
+        DCHECK(rv == OK || rv == ERR_IO_PENDING);
         rv = DoLoadSSLHostInfo();
         break;
       case STATE_HANDSHAKE:
         rv = DoHandshake();
         break;
       case STATE_GET_OB_CERT_COMPLETE:
         rv = DoGetOBCertComplete(rv);
         break;
       case STATE_VERIFY_DNSSEC:
         rv = DoVerifyDNSSEC(rv);
         break;
       case STATE_VERIFY_CERT:
         DCHECK(rv == OK);
         rv = DoVerifyCert(rv);
         break;
       case STATE_VERIFY_CERT_COMPLETE:
         rv = DoVerifyCertComplete(rv);
         break;
+      case STATE_NONE:
       default:
         rv = ERR_UNEXPECTED;
         LOG(DFATAL) << "unexpected state " << state;
         break;
     }
 
     // Do the actual network I/O
-    network_moved = DoTransportIO();
-  } while ((rv != ERR_IO_PENDING || network_moved) &&
-           next_handshake_state_ != STATE_NONE);
+    bool network_moved = DoTransportIO();
+    if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
+      // In general we exit the loop if rv is ERR_IO_PENDING.  In this
+      // special case we continue even if rv is ERR_IO_PENDING because
+      // the transport IO may allow DoHandshake to make progress.
+      continue;

[wtc, 2012/01/11 04:19:55]

After a lot of debugging, I finally figured out what was wrong.

In a do-while loop, the 'continue' statement continues to
the bottom of the loop (to evaluate the loop condition)
rather than the top of the loop (to start the next iteration).

+    }
+  } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
   LeaveFunction("");
   return rv;
 }
 
 int SSLClientSocketNSS::DoReadLoop(int result) {
   EnterFunction("");
   DCHECK(completed_handshake_);
   DCHECK(next_handshake_state_ == STATE_NONE);
 
   if (result < 0)
@@ skipping 1396 matching lines @@
   valid_thread_id_ = base::PlatformThread::CurrentId();
 }
 
 bool SSLClientSocketNSS::CalledOnValidThread() const {
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 }  // namespace net