Reject renegotiations in SSLClientSocket by default.

net/third_party/nss/ssl/ssl3con.c

Index: net/third_party/nss/ssl/ssl3con.c
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 424c1fb3a53911c17076175ec7305f49f0db9fd7..89c98eace8786bcf452dd9f1091c6aa5af4eefb2 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -5532,9 +5532,7 @@ ssl3_HandleHelloRequest(sslSocket *ss)
 	return SECFailure;
     }
     if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
-	ssl_GetXmitBufLock(ss);

[davidben, 2015/05/06 23:30:18]

Without removing these, SSL3_SendAlert triggers an alert.

[Ryan Sleevi, 2015/05/07 01:41:26]

Let's do this in a separate CL. At the least, I want to see an upstream bug
before we land this patch. It is correct though (because SSL3_SendAlert grabs
these locks)

[davidben, 2015/05/07 19:12:34]

Done. https://codereview.chromium.org/1134493002/

-	rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation);
-	ssl_ReleaseXmitBufLock(ss);
+	(void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
 	PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
 	return SECFailure;
     }