Update from https://crrev.com/304121

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 200 matching lines @@
 CacheOCSPResponseFromSideChannelFunction
 GetCacheOCSPResponseFromSideChannelFunction() {
   return RuntimeLibNSSFunctionPointers::GetInstance()
     ->GetCacheOCSPResponseFromSideChannelFunction();
 }
 
 bool IsOCSPStaplingSupported() {
   return GetCacheOCSPResponseFromSideChannelFunction() != NULL;
 }
 #else
-// TODO(agl): Figure out if we can plumb the OCSP response into Mac's system
-// certificate validation functions.
 bool IsOCSPStaplingSupported() {
   return false;
 }
 #endif
 
 #if defined(OS_WIN)
 
 // This callback is intended to be used with CertFindChainInStore. In addition
 // to filtering by extended/enhanced key usage, we do not show expired
 // certificates and require digital signature usage in the key usage
@@ skipping 1052 matching lines @@
   DCHECK(core->OnNSSTaskRunner());
 
   core->PostOrRunCallback(
       FROM_HERE,
       base::Bind(&AddLogEvent, core->weak_net_log_,
                  NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
 
   core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
 #if defined(OS_WIN)
   if (core->ssl_config_.send_client_cert) {
-    if (core->ssl_config_.client_cert) {
+    if (core->ssl_config_.client_cert.get()) {
       PCCERT_CONTEXT cert_context =
           core->ssl_config_.client_cert->os_cert_handle();
 
       HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;
       DWORD key_spec = 0;
       BOOL must_free = FALSE;
       DWORD flags = 0;
       if (base::win::GetVersion() >= base::win::VERSION_VISTA)
         flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
 
@@ skipping 317 matching lines @@
     SSL_CacheSessionUnlocked(socket);
 
     // Additionally, when False Starting, DoHandshake() will have already
     // called HandshakeSucceeded(), so return now.
     return;
   }
   core->HandshakeSucceeded();
 }
 
 void SSLClientSocketNSS::Core::HandshakeSucceeded() {
-  // TODO(vadimt): Remove ScopedProfile below once crbug.com/424386 is fixed.
-  tracked_objects::ScopedProfile tracking_profile(
+  // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
+  tracked_objects::ScopedTracker tracking_profile(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "424386 SSLClientSocketNSS::Core::HandshakeSucceeded"));
 
   DCHECK(OnNSSTaskRunner());
 
   PRBool last_handshake_resumed;
   SECStatus rv = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed);
   if (rv == SECSuccess && last_handshake_resumed) {
     nss_handshake_state_.resumed_handshake = true;
   } else {
     nss_handshake_state_.resumed_handshake = false;
   }
 
   RecordChannelIDSupportOnNSSTaskRunner();
   UpdateServerCert();
   UpdateSignedCertTimestamps();
   UpdateStapledOCSPResponse();
   UpdateConnectionStatus();
   UpdateNextProto();
   UpdateExtensionUsed();
 
   // Update the network task runners view of the handshake state whenever
   // a handshake has completed.
   PostOrRunCallback(
       FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
                             nss_handshake_state_));
 }
 
 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error) {
-  // TODO(vadimt): Remove ScopedProfile below once crbug.com/424386 is fixed.
-  tracked_objects::ScopedProfile tracking_profile(
+  // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
+  tracked_objects::ScopedTracker tracking_profile(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "424386 SSLClientSocketNSS::Core::HandleNSSError"));
 
   DCHECK(OnNSSTaskRunner());
 
   int net_error = MapNSSClientError(nss_error);
 
 #if defined(OS_WIN)
   // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate
   // os_cert_handle() as an optimization. However, if the certificate
   // private key is stored on a smart card, and the smart card is removed,
   // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again,
   // preventing client certificate authentication. Because the
   // X509Certificate may outlive the individual SSLClientSocketNSS, due to
   // caching in X509Certificate, this failure ends up preventing client
   // certificate authentication with the same certificate for all future
   // attempts, even after the smart card has been re-inserted. By setting
   // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will
   // typically be freed. This allows a new HCRYPTPROV to be obtained from
   // the certificate on the next attempt, which should succeed if the smart
   // card has been re-inserted, or will typically prompt the user to
   // re-insert the smart card if not.
   if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY ||
        net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) &&
-      ssl_config_.send_client_cert && ssl_config_.client_cert) {
+      ssl_config_.send_client_cert && ssl_config_.client_cert.get()) {
     CertSetCertificateContextProperty(
         ssl_config_.client_cert->os_cert_handle(),
         CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
   }
 #endif
 
   return net_error;
 }
 
 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) {
@@ skipping 105 matching lines @@
   // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
   tracked_objects::ScopedTracker tracking_profile(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "424386 SSLClientSocketNSS::Core::DoHandshake"));
 
   DCHECK(OnNSSTaskRunner());
 
   int net_error = OK;
   SECStatus rv = SSL_ForceHandshake(nss_fd_);
 
-  // TODO(vadimt): Remove ScopedProfile below once crbug.com/424386 is fixed.
-  tracked_objects::ScopedProfile tracking_profile1(
+  // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
+  tracked_objects::ScopedTracker tracking_profile1(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "424386 SSLClientSocketNSS::Core::DoHandshake 1"));
 
   // Note: this function may be called multiple times during the handshake, so
   // even though channel id and client auth are separate else cases, they can
   // both be used during a single SSL handshake.
   if (channel_id_needed_) {
     GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
     net_error = ERR_IO_PENDING;
   } else if (client_auth_cert_needed_) {
@@ skipping 601 matching lines @@
   bool ocsp_responses_present = ocsp_responses && ocsp_responses->len;
   if (ocsp_requested)
     UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present);
   if (!ocsp_responses_present)
     return;
 
   nss_handshake_state_.stapled_ocsp_response = std::string(
       reinterpret_cast<char*>(ocsp_responses->items[0].data),
       ocsp_responses->items[0].len);
 
-  // TODO(agl): figure out how to plumb an OCSP response into the Mac
-  // system library and update IsOCSPStaplingSupported for Mac.
   if (IsOCSPStaplingSupported()) {
   #if defined(OS_WIN)
-    if (nss_handshake_state_.server_cert) {
+    if (nss_handshake_state_.server_cert.get()) {
       CRYPT_DATA_BLOB ocsp_response_blob;
       ocsp_response_blob.cbData = ocsp_responses->items[0].len;
       ocsp_response_blob.pbData = ocsp_responses->items[0].data;
       BOOL ok = CertSetCertificateContextProperty(
           nss_handshake_state_.server_cert->os_cert_handle(),
           CERT_OCSP_RESPONSE_PROP_ID,
           CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
           &ocsp_response_blob);
       if (!ok) {
         VLOG(1) << "Failed to set OCSP response property: "
@@ skipping 1160 matching lines @@
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
   return core_->state().server_cert.get();
 }
 
 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
   return channel_id_service_;
 }
 
 }  // namespace net