Update third_party/nss to NSS 3.15.4.

nss/lib/certhigh/ocsp.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /*
  * Interface to the OCSP implementation.
  */
 
 #ifndef _OCSP_H_
 #define _OCSP_H_
@@ skipping 153 matching lines @@
  *   CERTCertDBHandle *handle
  *     Cert database on which OCSP checking should stop using a default
  *     responder.
  * RETURN:
  *   Returns SECFailure if an error occurred; SECSuccess otherwise.
  *   Errors very unlikely (like random memory corruption...).
  */
 extern SECStatus
 CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle);
 
+/* If forcePost is set, OCSP requests will only be sent using the HTTP POST
+ * method. When forcePost is not set, OCSP requests will be sent using the
+ * HTTP GET method, with a fallback to POST when we fail to receive a response
+ * and/or when we receive an uncacheable response like "Unknown." 
+ *
+ * The default is to use GET and fallback to POST.
+ */
+extern SECStatus CERT_ForcePostMethodForOCSP(PRBool forcePost);
+
 /*
  * -------------------------------------------------------
  * The Functions above are those expected to be used by a client
  * providing OCSP status checking along with every cert verification.
  * The functions below are for OCSP testing, debugging, or clients
  * or servers performing more specialized OCSP tasks.
  * -------------------------------------------------------
  */
 
 /*
@@ skipping 524 matching lines @@
  * SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
  * internal HTTP client is used.
  */
 SECItem* CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
                               const SECItem *encodedRequest);
 
 /************************************************************************/
 SEC_END_PROTOS
 
 #endif /* _OCSP_H_ */