Use Separate SSL Session Cache in OTR Mode

net/socket/ssl_client_socket_win.cc

Index: net/socket/ssl_client_socket_win.cc
===================================================================
--- net/socket/ssl_client_socket_win.cc	(revision 51274)
+++ net/socket/ssl_client_socket_win.cc	(working copy)
@@ -71,12 +71,14 @@
 //-----------------------------------------------------------------------------
 
 // A bitmask consisting of these bit flags encodes which versions of the SSL
-// protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled.
+// protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled and whether OTR mode
+// is enabled (this permits a separate session id cache for OTR mode).
 enum {
   SSL2 = 1 << 0,
   SSL3 = 1 << 1,
   TLS1 = 1 << 2,
-  SSL_VERSION_MASKS = 1 << 3  // The number of SSL version bitmasks.
+  OTR_MODE = 1 << 3,

[davidben, 2010/07/26 21:31:33]

OTR_MODE doesn't make much sense as a member of SSL version mask.

It looks like your bit only ends up being useful as a uniquifier for the
CredHandle maps in CredHandleTable. I think it would be cleaner just to key by
something else there. The optimization in anonymous_creds_ can probably be
preserved by making CredHandleTable not a singleton and putting the name lookup
at a higher level. (And I believe we now use NSS for sockets without client
certs on all platforms anyway.)

+  SSL_VERSION_MASKS = 1 << 4  // The number of SSL version bitmasks.
 };
 
 // CredHandleClass simply gives a default constructor and a destructor to
@@ -464,6 +466,8 @@
     ssl_version_mask |= SSL3;
   if (ssl_config_.tls1_enabled)
     ssl_version_mask |= TLS1;
+  if (ssl_config_.otr_mode)
+    ssl_version_mask |= OTR_MODE;
   // If we pass 0 to GetCredHandle, we will let Schannel select the protocols,
   // rather than enabling no protocols.  So we have to fail here.
   if (ssl_version_mask == 0)