Refactor SSLClientSocket::SerializeNextProtos().

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index f558e717ac4ea1ffa1374634f381decc586a00c3..f8a56d7be5e5fd2f5989436b7156850964fe838f 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -858,10 +858,12 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
         PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305);
     const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) ||
                                         PK11_TokenExists(CKM_ECDH1_DERIVE);

[davidben, 2015/09/28 22:16:23]

(Ooh! Thanks for reminding me! We can rip all of this out now because we don't
have to deal with system NSS like this anymore. I'll do that separately.)

-    std::vector<uint8_t> wire_protos =
-        SerializeNextProtos(ssl_config_.next_protos,
-                            adequate_encryption && adequate_key_agreement &&
-                                IsTLSVersionAdequateForHTTP2(ssl_config_));
+    NextProtoVector next_protos = ssl_config_.next_protos;
+    if (!adequate_encryption || !adequate_key_agreement ||
+        !IsTLSVersionAdequateForHTTP2(ssl_config_)) {
+      DisableHTTP2(&next_protos);
+    }
+    std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos);
     rv = SSL_SetNextProtoNego(
         nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],
         wire_protos.size());