Chromium Code Reviews| Index: net/ocsp/nss_ocsp.cc |
| diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc |
| index 273e341bdfa1703aca1feb3fb4405ee7b7a076b0..42bec37d8346ab689aa964a729e3142627a731be 100644 |
| --- a/net/ocsp/nss_ocsp.cc |
| +++ b/net/ocsp/nss_ocsp.cc |
| @@ -40,7 +40,11 @@ namespace { |
| // Protects |g_request_context|. |
| pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER; |
| -static net::URLRequestContext* g_request_context = NULL; |
| +net::URLRequestContext* g_request_context = NULL; |
| + |
| +// The default timeout for OCSP in NSS is 60 seconds. Adjust this value to |
| +// 15 seconds, which matches the default on Windows. |
| +const int kOcspTimeoutInSecs = 15; |
| class OCSPRequestSession; |
| @@ -545,6 +549,10 @@ OCSPNSSInitialization::OCSPNSSInitialization() { |
| NOTREACHED() << "Error initializing OCSP: " << PR_GetError(); |
| } |
| + // The default NSS value for OCSP timeouts is 60 seconds. Set this to be |
|
wtc
2012/08/24 21:52:08
Nit: omit this comment because it is already in fr
Ryan Sleevi
2012/08/24 21:58:24
They suggest (no less than) 3 seconds, but I think
|
| + // something more sane. |
| + CERT_SetOCSPTimeout(kOcspTimeoutInSecs); |
|
wtc
2012/08/24 21:52:08
I verified that this function always returns SECSu
Ryan Sleevi
2012/08/24 21:58:24
Yes, I checked this function, at least couldn't fi
|
| + |
| // Work around NSS bugs 524013 and 564334. NSS incorrectly thinks the |
| // CRLs for Network Solutions Certificate Authority have bad signatures, |
| // which causes certificates issued by that CA to be reported as revoked. |