Reject renegotiations in SSLClientSocket by default.

net/socket/stream_socket.h

Index: net/socket/stream_socket.h
diff --git a/net/socket/stream_socket.h b/net/socket/stream_socket.h
index 30a199e2dc3c9f24e3ec07ac583209b38ef1c9e4..9e9f251313c9fb6580fc1cadf05dcb5e326d2364 100644
--- a/net/socket/stream_socket.h
+++ b/net/socket/stream_socket.h
@@ -95,6 +95,12 @@ class NET_EXPORT_PRIVATE StreamSocket : public Socket {
   // SSL was not used by this socket.
   virtual bool GetSSLInfo(SSLInfo* ssl_info) = 0;
 
+  // If an SSL socket, configures whether renegotiations are allowed. By
+  // default, the socket rejects all renegotiations from the peer. This method
+  // may be called after Connect completes to change this behavior. If enabled,
+  // ERR_SSL_CLIENT_AUTH_CERT_NEEDED may be returned from Read.
+  virtual void SetRenegotiationsAllowed(bool allowed) {}

[Ryan Sleevi, 2015/05/07 01:41:26]

= 0

[davidben, 2015/05/07 19:12:34]

Fiiiine. Well, you get to review it. FWIW, EnableTCPFastOpenIfSupported is also
a {}, probably for similar reasons.

+
  protected:
   // The following class is only used to gather statistics about the history of
   // a socket.  It is only instantiated and used in basic sockets, such as