Remove dead code in client auth logic.

Both socket implementations have client auth logic to remove a session from the
session cache in case of client auth. In both cases, this doesn't do anything.
The OpenSSL one was copied from the NSS one. It was always dead code and became
a no-op when we stopped using the internal session cache (see
https://crbug.com/466352).

The NSS one dates to http://codereview.chromium.org/276037. At that time, we
returned SECFailure rather than SECWouldBlock, so the handshake would continue
and potentially poison the session cache. As of
http://codereview.chromium.org/669198, this was no longer an issue.

BUG=none

Review URL: https://codereview.chromium.org/1013193004

Cr-Commit-Position: refs/heads/master@{#322178}

net/socket/ssl_client_socket_nss.cc

@@ -1857,14 +1857,6 @@ int SSLClientSocketNSS::Core::DoHandshake() {
         base::Bind(&AddLogEventWithCallback, weak_net_log_,
                    NetLog::TYPE_SSL_HANDSHAKE_ERROR,
                    CreateNetLogSSLErrorCallback(net_error, 0)));
-
-    // If the handshake already succeeded (because the server requests but
-    // doesn't require a client cert), we need to invalidate the SSL session
-    // so that we won't try to resume the non-client-authenticated session in
-    // the next handshake.  This will cause the server to ask for a client
-    // cert again.
-    if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess)
-      LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError();
   } else if (rv == SECSuccess) {
     if (!handshake_callback_called_) {
       false_started_ = true;

net/socket/ssl_client_socket_openssl.cc

@@ -926,27 +926,7 @@ int SSLClientSocketOpenSSL::DoHandshake() {
     }
   }
 
-  if (client_auth_cert_needed_) {
-    // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
-    tracked_objects::ScopedTracker tracking_profile2(
-        FROM_HERE_WITH_EXPLICIT_FUNCTION(
-            "424386 SSLClientSocketOpenSSL::DoHandshake2"));
-
-    net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
-    // If the handshake already succeeded (because the server requests but
-    // doesn't require a client cert), we need to invalidate the SSL session
-    // so that we won't try to resume the non-client-authenticated session in
-    // the next handshake.  This will cause the server to ask for a client
-    // cert again.
-    if (rv == 1) {
-      // Remove from session cache but don't clear this connection.
-      SSL_SESSION* session = SSL_get_session(ssl_);
-      if (session) {
-        int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session);
-        LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session;
-      }
-    }
-  } else if (rv == 1) {
+  if (rv == 1) {
     // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed.
     tracked_objects::ScopedTracker tracking_profile3(
         FROM_HERE_WITH_EXPLICIT_FUNCTION(
@@ -1004,6 +984,9 @@ int SSLClientSocketOpenSSL::DoHandshake() {
         FROM_HERE_WITH_EXPLICIT_FUNCTION(
             "424386 SSLClientSocketOpenSSL::DoHandshake4"));
 
+    if (client_auth_cert_needed_)
+      return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
+
     int ssl_error = SSL_get_error(ssl_, rv);
 
     if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) {