Add an explicit function to init NSS for SSL server sockets

net/socket/nss_ssl_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/nss_ssl_util.h"
+#include "net/socket/nss_ssl_util_internal.h"
 
 #include <nss.h>
 #include <secerr.h>
 #include <ssl.h>
 #include <sslerr.h>
 
 #include <string>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/singleton.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/values.h"
 #include "crypto/nss_util.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 
 namespace net {
 
+namespace {
+
 class NSSSSLInitSingleton {
  public:
   NSSSSLInitSingleton() {
     crypto::EnsureNSSInit();
 
     NSS_SetDomesticPolicy();
 
 #if defined(USE_SYSTEM_SSL)
     // Use late binding to avoid scary but benign warning
     // "Symbol `SSL_ImplementedCiphers' has different size in shared object,
@@ skipping 27 matching lines @@
     // All other SSL options are set per-session by SSLClientSocket and
     // SSLServerSocket.
   }
 
   ~NSSSSLInitSingleton() {
     // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY.
     SSL_ClearSessionCache();
   }
 };
 
+class NSSSSLServerInitSingleton {
+ public:
+  NSSSSLServerInitSingleton() {
+    EnsureNSSSSLInit();
+
+    SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL);
+  }
+
+  ~NSSSSLServerInitSingleton() {
+    SSL_ShutdownServerSessionIDCache();
+  }
+};
+
 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton =
     LAZY_INSTANCE_INITIALIZER;
 
+static base::LazyInstance<NSSSSLServerInitSingleton>
+    g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
+
+}  // namespace
+
 // Initialize the NSS SSL library if it isn't already initialized.  This must
 // be called before any other NSS SSL functions.  This function is
 // thread-safe, and the NSS SSL library will only ever be initialized once.
 // The NSS SSL library will be properly shut down on program exit.
 void EnsureNSSSSLInit() {
   // Initializing SSL causes us to do blocking IO.
   // Temporarily allow it until we fix
   //   http://code.google.com/p/chromium/issues/detail?id=59847
   base::ThreadRestrictions::ScopedAllowIO allow_io;
 
   g_nss_ssl_init_singleton.Get();
 }
 
+void EnsureNSSSSLServerInit() {
+  g_nss_ssl_server_init_singleton.Get();
+}
+
 // Map a Chromium net error code to an NSS error code.
 // See _MD_unix_map_default_error in the NSS source
 // tree for inspiration.
 PRErrorCode MapErrorToNSS(int result) {
   if (result >=0)
     return result;
 
   switch (result) {
     case ERR_IO_PENDING:
       return PR_WOULD_BLOCK_ERROR;
@@ skipping 153 matching lines @@
 
 void LogFailedNSSFunction(const BoundNetLog& net_log,
                           const char* function,
                           const char* param) {
   net_log.AddEvent(
       NetLog::TYPE_SSL_NSS_ERROR,
       make_scoped_refptr(new SSLFailedNSSFunctionParams(function, param)));
 }
 
 }  // namespace net