Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(425)

Unified Diff: net/ocsp/nss_ocsp.cc

Issue 10875059: Reduce the network timeout for NSS from 60 seconds to 15 seconds (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ocsp/nss_ocsp.cc
diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc
index 273e341bdfa1703aca1feb3fb4405ee7b7a076b0..42bec37d8346ab689aa964a729e3142627a731be 100644
--- a/net/ocsp/nss_ocsp.cc
+++ b/net/ocsp/nss_ocsp.cc
@@ -40,7 +40,11 @@ namespace {
// Protects |g_request_context|.
pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;
-static net::URLRequestContext* g_request_context = NULL;
+net::URLRequestContext* g_request_context = NULL;
+
+// The default timeout for OCSP in NSS is 60 seconds. Adjust this value to
+// 15 seconds, which matches the default on Windows.
+const int kOcspTimeoutInSecs = 15;
class OCSPRequestSession;
@@ -545,6 +549,10 @@ OCSPNSSInitialization::OCSPNSSInitialization() {
NOTREACHED() << "Error initializing OCSP: " << PR_GetError();
}
+ // The default NSS value for OCSP timeouts is 60 seconds. Set this to be
wtc 2012/08/24 21:52:08 Nit: omit this comment because it is already in fr
Ryan Sleevi 2012/08/24 21:58:24 They suggest (no less than) 3 seconds, but I think
+ // something more sane.
+ CERT_SetOCSPTimeout(kOcspTimeoutInSecs);
wtc 2012/08/24 21:52:08 I verified that this function always returns SECSu
Ryan Sleevi 2012/08/24 21:58:24 Yes, I checked this function, at least couldn't fi
+
// Work around NSS bugs 524013 and 564334. NSS incorrectly thinks the
// CRLs for Network Solutions Certificate Authority have bad signatures,
// which causes certificates issued by that CA to be reported as revoked.
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698