Add an explicit function to init NSS for SSL server sockets

net/socket/ssl_server_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_server_socket_nss.h"
 
 #if defined(OS_WIN)
 #include <winsock2.h>
 #endif
 
@@ skipping 11 matching lines @@
 #include <nss.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <ssl.h>
 #include <sslerr.h>
 #include <sslproto.h>
 
 #include <limits>
 
+#include "base/lazy_instance.h"
 #include "base/memory/ref_counted.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/nss_util_internal.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/ocsp/nss_ocsp.h"
 #include "net/socket/nss_ssl_util.h"
 #include "net/socket/ssl_error_params.h"
 
 static const int kRecvBufferSize = 4096;
 
 #define GotoState(s) next_handshake_state_ = s
 
 namespace net {
 
+namespace {
+
+bool g_nss_server_sockets_init = false;
+
+class NSSSSLServerInitSingleton {
+ public:
+  NSSSSLServerInitSingleton() {
+    EnsureNSSSSLInit();
+
+    SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
+    g_nss_server_sockets_init = true;
+  }
+
+  ~NSSSSLServerInitSingleton() {
+    SSL_ShutdownServerSessionIDCache();
+    g_nss_server_sockets_init = false;
+  }
+};
+
+static base::LazyInstance<NSSSSLServerInitSingleton>
+    g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
+
+}  // namespace
+
+void EnableSSLServerSockets() {
+  g_nss_ssl_server_init_singleton.Get();
+}
+
 SSLServerSocket* CreateSSLServerSocket(
     StreamSocket* socket,
     X509Certificate* cert,
     crypto::RSAPrivateKey* key,
     const SSLConfig& ssl_config) {
+  DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
+                                    << "called yet!";
+
   return new SSLServerSocketNSS(socket, cert, key, ssl_config);
 }
 
 SSLServerSocketNSS::SSLServerSocketNSS(
     StreamSocket* transport_socket,
     scoped_refptr<X509Certificate> cert,
     crypto::RSAPrivateKey* key,
     const SSLConfig& ssl_config)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
@@ skipping 265 matching lines @@
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE");
     return ERR_UNEXPECTED;
   }
 
-  rv = SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
-  if (rv != SECSuccess) {
-    LogFailedNSSFunction(net_log_, "SSL_ConfigureServerSessionIDCache", "");
-    return ERR_UNEXPECTED;
-  }
-
   rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", "");
     return ERR_UNEXPECTED;
@@ skipping 410 matching lines @@
   // TODO(hclam): Implement.
 }
 
 int SSLServerSocketNSS::Init() {
   // Initialize the NSS SSL library in a threadsafe way.  This also
   // initializes the NSS base library.
   EnsureNSSSSLInit();
   if (!NSS_IsInitialized())
     return ERR_UNEXPECTED;
 
+  EnableSSLServerSockets();
   return OK;
 }
 
 }  // namespace net