Add an SSLConfig option to explicit disable NSSHttpIO.

This appears to be the least-bad solution to the problem that remoting can't run SSL sockets on an IO MessageLoop. See linked bug for details. BUG=118247 TEST=remoting_unittests Review URL: http://codereview.chromium.org/9702075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127015 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-03-15 22:44:30 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-03-15 22:44:30 +0000
commit: 526b3f20f632e243bc8145cb2f152d50841f9dc3 (patch)
tree: dd5a8957e1f417389b7e8776f1373118db03554b /net/socket/ssl_client_socket_nss.cc
parent: f64da26e69609ca3a4a9250847d9b1c731171c6d (diff)
download: chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.zip
chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.tar.gz
chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.tar.bz2
1 files changed, 8 insertions, 4 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 688b8e6..2b9c73d 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -821,10 +821,12 @@ int SSLClientSocketNSS::Init() {
   if (!NSS_IsInitialized())
     return ERR_UNEXPECTED;
 #if !defined(OS_MACOSX) && !defined(OS_WIN)
-  // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO
-  // loop by MessageLoopForIO::current().
-  // X509Certificate::Verify() runs on a worker thread of CertVerifier.
-  EnsureNSSHttpIOInit();
+  if (ssl_config_.cert_io_enabled) {
+    // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO
+    // loop by MessageLoopForIO::current().
+    // X509Certificate::Verify() runs on a worker thread of CertVerifier.
+    EnsureNSSHttpIOInit();
+  }
 #endif
 
   LeaveFunction("");
@@ -1702,6 +1704,8 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
     flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
   if (ssl_config_.verify_ev_cert)
     flags |= X509Certificate::VERIFY_EV_CERT;
+  if (ssl_config_.cert_io_enabled)
+    flags |= X509Certificate::VERIFY_CERT_IO_ENABLED;
   verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
   server_cert_verify_result_ = &local_server_cert_verify_result_;
   return verifier_->Verify(
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-03-15 22:44:30 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-03-15 22:44:30 +0000
commit	526b3f20f632e243bc8145cb2f152d50841f9dc3 (patch)
tree	dd5a8957e1f417389b7e8776f1373118db03554b /net/socket/ssl_client_socket_nss.cc
parent	f64da26e69609ca3a4a9250847d9b1c731171c6d (diff)
download	chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.zip chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.tar.gz chromium_src-526b3f20f632e243bc8145cb2f152d50841f9dc3.tar.bz2