To help anyone looking at the SSL code, here are a few tips I've found handy.
There are several flavors of logging you can turn on.
SSLClientSocketImpl can log its state transitions and function calls using
base/logging.cc. To enable this, edit
net/socket/ssl_client_socket_impl.cc and change
#if 1 to
#if 0. See
base/logging.cc for where the output goes (on Linux, usually stderr).
HttpNetworkTransaction and friends can log its state transitions using
base/trace_event.cc. To enable this, arrange for your app to call
base::TraceLog::StartTracing(). The output goes to a file named
trace...pid.log in the same directory as the executable (e.g.
http://wiki.wireshark.org/SSL describes how to decode SSL traffic. Chromium SSL unit tests that use
net/base/ssl_test_util.cc to set up their servers always use port 9443 with
net/data/ssl/certificates/ok_cert.pem, and port 9666 with
net/data/ssl/certificates/expired_cert.pem This makes it easy to configure Wireshark to decode the traffic: do
Edit / Preferences / Protocols / SSL, and in the “RSA Keys List” box, enter
127.0.0.1,9443,http,<path to ok_cert.pem>;127.0.0.1,9666,http,<path to expired_cert.pem>
Then capture all tcp traffic on interface lo, and run your test.