Use Separate SSL Session Cache in OTR Mode

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ skipping 792 matching lines @@
     // resume a session, we must connect to the same server on the same port
     // using the same hostname (i.e., localhost and 127.0.0.1 are considered
     // different peers, which puts us through certificate validation again
     // and catches hostname/certificate name mismatches.
     AddressList address;
     int rv = transport_->GetPeerAddress(&address);
     if (rv != OK)
       return rv;
     const struct addrinfo* ai = address.head();
     std::string peer_id(hostname_);
+    // Unique session cache for OTR mode
+    if (ssl_config_.otr_mode)
+        peer_id += std::string("OTR");

[davidben, 2010/07/26 21:31:33]

Unless hostname also includes the port (and even then, this feels poor), you'd
want to integrate the uniquifier with proper separators. You're probably saved
at the last minute from collisions by the capitalization, but it's not something
immediately apparent to someone reading the code.

     peer_id += std::string(reinterpret_cast<char*>(ai->ai_addr),
                            ai->ai_addrlen);
 
     // SSLSetPeerID() treats peer_id as a binary blob, and makes its
     // own copy.
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
   } else if (status != unimpErr) {  // it's OK if the API isn't available
     return NetErrorFromOSStatus(status);
@@ skipping 469 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net