-
davidben authored
Only HTTP/1.1 (and below) sockets may renegotiate. This fix a crash because SpdyHttpStream didn't account for this properly. (And can't as the renego + client auth hack is inherently incompatible with multiplexing.) Tested manually against hacked up Go servers: - HTTP/1.1 server which renegotiates with client auth before sending a response on a fresh socket. - Same as above but with a reused socket (the server only requests renego when fetching /auth). - HTTP/2 which incorrectly renegotiates with client auth upon requesting /auth. Verified that we get ERR_SSL_PROTOCOL_ERROR and not crash. - HTTP/1.1 server which does two handshakes in a row with Finished and HelloRequest in the same record. NSS and BoringSSL differ in their behavior here, but in neither port should we miss the renego. BUG=484543,462283 Review URL: https://codereview.chromium.org/1131763002 Cr-Commit-Position: refs/heads/master@{#329466}
421116c2
