Reject renegotiations in SSLClientSocket by default.

net/third_party/nss/patches/norenegotiatelock.patch

Index: net/third_party/nss/patches/norenegotiatelock.patch
diff --git a/net/third_party/nss/patches/norenegotiatelock.patch b/net/third_party/nss/patches/norenegotiatelock.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9ffde05e3d6f56b183b30f9424c82e2fbe56c025
--- /dev/null
+++ b/net/third_party/nss/patches/norenegotiatelock.patch
@@ -0,0 +1,15 @@
+diff --git a/ssl/ssl3con.c b/ssl/ssl3con.c
+index 424c1fb..89c98ea 100644
+--- a/ssl/ssl3con.c
++++ b/ssl/ssl3con.c
+@@ -5532,9 +5532,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
+ 	return SECFailure;
+     }
+     if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
+-	ssl_GetXmitBufLock(ss);
+-	rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
+-	ssl_ReleaseXmitBufLock(ss);
++	(void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
+ 	PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+ 	return SECFailure;
+     }