author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-23 21:10:02 +0000 |
---|---|---|
committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-23 21:10:02 +0000 |
commit | 4f38ffc015c54cb3e50443b1797e7753d49d5957 (patch) | |
tree | f328e16915384ae9e9732c7b1019f7f19c32f0b8 /net | |
parent | 2cb588db952bc9e265c45849907aa1c4d0c6655a (diff) | |
Remove DisableOCSP().
Instead of calling DisableOCSP(), all SSL sockets used in the sandbox should be created with the rev_checking_enabled flag set to false.
BUG=93273
TEST=None
Review URL: http://codereview.chromium.org/7685040
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/ocsp/nss_ocsp.cc | 21 | ||||
-rw-r--r-- | net/ocsp/nss_ocsp.h | 7 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 10 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.cc | 6 |
4 files changed, 9 insertions, 35 deletions
diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc
index ccff919..ec24107 100644
--- a/net/ocsp/nss_ocsp.cc
+++ b/net/ocsp/nss_ocsp.cc
@@ -41,8 +41,6 @@ namespace {
 pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;
 static net::URLRequestContext* g_request_context = NULL;
-static bool g_disable_ocsp = false;
-
 class OCSPRequestSession;
 class OCSPIOLoop {
@@ -911,9 +909,6 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) {
 namespace net {
 void SetMessageLoopForOCSP() {
- // Must not be called when OCSP is disabled.
- DCHECK(!g_disable_ocsp);
-
 // Must have a MessageLoopForIO.
 DCHECK(MessageLoopForIO::current());
@@ -923,27 +918,17 @@ void SetMessageLoopForOCSP() {
 DCHECK(!used);
 }
-void DisableOCSP() {
- g_disable_ocsp = true;
-}
-
 void EnsureOCSPInit() {
- if (!g_disable_ocsp) {
- g_ocsp_io_loop.Get().StartUsing();
- g_ocsp_nss_initialization.Get();
- }
+ g_ocsp_io_loop.Get().StartUsing();
+ g_ocsp_nss_initialization.Get();
 }
 void ShutdownOCSP() {
- if (!g_disable_ocsp)
- g_ocsp_io_loop.Get().Shutdown();
+ g_ocsp_io_loop.Get().Shutdown();
 }
 // This function would be called before NSS initialization.
 void SetURLRequestContextForOCSP(URLRequestContext* request_context) {
- // Must not be called when OCSP is disabled.
- DCHECK(!g_disable_ocsp);
-
 pthread_mutex_lock(&g_request_context_lock);
 if (request_context) {
 DCHECK(!g_request_context);
diff --git a/net/ocsp/nss_ocsp.h b/net/ocsp/nss_ocsp.h
index 93d07ce..bf67751 100644
--- a/net/ocsp/nss_ocsp.h
+++ b/net/ocsp/nss_ocsp.h
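Review bot: In the third hunk, `EnsureOCSPInit()` and `ShutdownOCSP()` now run unconditionally, so nothing in this file stops OCSP setup in a process that must not perform it; the protection rests entirely on each caller checking its socket configuration. The debug assertions removed from `SetMessageLoopForOCSP()` and `SetURLRequestContextForOCSP()` (second and third hunks) were the only in-file signal of misuse, and nothing replaces them. I would state the new contract above `EnsureOCSPInit()`, e.g. `// Callers in sandboxed processes must not call this; gate on rev_checking_enabled.` `ShutdownOCSP()` also calls `g_ocsp_io_loop.Get()` even when `EnsureOCSPInit()` was never reached, which presumably constructs the loop object only to shut it down; worth confirming that is harmless.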
@@ -17,13 +17,6 @@ class URLRequestContext;
 // control the message loop for OCSP.
 NET_EXPORT void SetMessageLoopForOCSP();
-// Disables OCSP for the current process. This is needed to run SSL
-// code in the renderer process. After this method is called all
-// calls to EnsureOCSPInit() and ShutdownOCSP() are ignored. When
-// OCSP is disabled SetMessageLoopForOCSP() and
-// SetURLRequestContextForOCSP() are useless and should not be called.
-NET_EXPORT void DisableOCSP();
-
 // Initializes OCSP handlers for NSS. This must be called before any
 // certificate verification functions. This function is thread-safe, and OCSP
 // handlers will only ever be initialized once. ShutdownOCSP() must be called
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 5380a9a..4fdecc9 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -838,10 +838,12 @@ int SSLClientSocketNSS::Init() {
 if (!NSS_IsInitialized())
 return ERR_UNEXPECTED;
 #if !defined(OS_MACOSX) && !defined(OS_WIN)
- // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
- // by MessageLoopForIO::current().
- // X509Certificate::Verify() runs on a worker thread of CertVerifier.
- EnsureOCSPInit();
+ if (ssl_config_.rev_checking_enabled) {
+ // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
+ // by MessageLoopForIO::current().
+ // X509Certificate::Verify() runs on a worker thread of CertVerifier.
+ EnsureOCSPInit();
+ }
 #endif
 LeaveFunction("");
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 08d84b9..78410f8 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
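Review bot: The new `if (ssl_config_.rev_checking_enabled)` guard in `SSLClientSocketNSS::Init()` keeps the old comment, which explains why the call happens on the IO thread but not why it is now conditional. Since this flag is now the only thing keeping OCSP initialization out of sandboxed processes, add a line such as `// Skipped when revocation checking is off, e.g. for sockets created in a sandboxed process.` It is also worth confirming that the verification path reads the same flag: if a certificate is verified with revocation checking requested while this guard skipped initialization, NSS would presumably run without the OCSP handlers registered. `Init()` starts and ends outside the hunk.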
@@ -762,12 +762,6 @@ int SSLServerSocketNSS::Init() {
 EnsureNSSSSLInit();
 if (!NSS_IsInitialized())
 return ERR_UNEXPECTED;
-#if !defined(OS_MACOSX) && !defined(OS_WIN)
- // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
- // by MessageLoopForIO::current().
- // X509Certificate::Verify() runs on a worker thread of CertVerifier.
- EnsureOCSPInit();
-#endif
 return OK;
 } |