Use Separate SSL Session Cache in OTR Mode

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
===================================================================
--- net/socket/ssl_client_socket_nss.cc	(revision 51274)
+++ net/socket/ssl_client_socket_nss.cc	(working copy)
@@ -514,10 +514,17 @@
   // Set the peer ID for session reuse.  This is necessary when we create an
   // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
   // rather than the destination server's address in that case.
+  // For requests in OTR mode use a modified peer id so that the session cache
+  // is not shared with non-OTR mode.
   // TODO(wtc): port in |peer_address| is not the server's port when a proxy is
   // used.
   std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(),
-                                     peer_address.GetPort());
+                                      peer_address.GetPort());
+
+  // Separate session ID cache for OTR mode
+  if (ssl_config_.otr_mode)
+      peer_id += std::string("OTR");

[davidben, 2010/07/26 21:31:33]

An explicit separator here (another colon?) would be nice, even though there's
no chance of collision.

+
   rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
   if (rv != SECSuccess)
     LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id;