We don't handle certificate errors during SSL renegotiation....

We don't handle certificate errors during SSL renegotiation.
In the common case, the server sends the same certificate during
renegotiation.  Since the certificate has been verified, we can
assume the certificate is good or has been accepted by the user.
If the server sends a different certificate that has an error,
we need to return an error code that won't trigger our
certificate error handling code, which doesn't handle this case
correctly.  Add the ERR_CERT_ERROR_IN_SSL_RENEGOTIATION error
for this purpose.

R=rvargas
BUG=http://crbug.com/13226
TEST=See http://crbug.com/13226 comment 9

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=17919

[wtc, 2009-06-08 23:08:11]

http://codereview.chromium.org/118410/diff/1/5
File net/base/ssl_client_socket_win.cc (left):

http://codereview.chromium.org/118410/diff/1/5#oldcode729
Line 729: if (renegotiating_) {
This block of code becomes the DidCompleteRenegotiation method
so it can be reused.

http://codereview.chromium.org/118410/diff/1/2
File net/http/http_network_transaction.cc (right):

http://codereview.chromium.org/118410/diff/1/2#newcode747
Line 747: int HttpNetworkTransaction::DoReadHeadersComplete(int result) {
I didn't try to write the code that handles certificate
errors during renegotiation.  I just make sure it fails
safely (without a crash or DCHECK failures) for now.

[rvargas (doing something else), 2009-06-09 01:18:23]

LGTM