net: don't set NSS options in a callback.

net/third_party/nss/ssl/ssl3con.c

 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ skipping 6083 matching lines @@
 
 PRBool
 ssl3_CanFalseStart(sslSocket *ss) {
     PRBool rv;
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
 
     /* XXX: does not take into account whether we are waiting for
      * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when
      * that is done, this function could return different results each time it
      * would be called.

[wtc, 2012/04/27 20:52:37]

Nit: would be nice to add a comment about the NPN extension
check here.

[agl, 2012/04/30 16:53:31]

Done (and patch updated).

      */
 
     ssl_GetSpecReadLock(ss);
     rv = ss->opt.enableFalseStart &&
          !ss->sec.isServer &&
          !ss->ssl3.hs.isResuming &&
+         ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
          ss->ssl3.cwSpec &&
 
          /* An attacker can control the selected ciphersuite so we only wish to
           * do False Start in the case that the selected ciphersuite is
           * sufficiently strong that the attack can gain no advantage.
           * Therefore we require an 80-bit cipher and a forward-secret key
           * exchange. */
          ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
         (ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
          ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
@@ skipping 4339 matching lines @@
             PORT_Free(ss->ssl3.hs.recvdFragments.buf);
         }
     }
 
     ss->ssl3.initialized = PR_FALSE;
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */