summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-23 21:10:02 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-08-23 21:10:02 +0000
commit4f38ffc015c54cb3e50443b1797e7753d49d5957 (patch)
treef328e16915384ae9e9732c7b1019f7f19c32f0b8 /net
parent2cb588db952bc9e265c45849907aa1c4d0c6655a (diff)
downloadchromium_src-4f38ffc015c54cb3e50443b1797e7753d49d5957.zip
chromium_src-4f38ffc015c54cb3e50443b1797e7753d49d5957.tar.gz
chromium_src-4f38ffc015c54cb3e50443b1797e7753d49d5957.tar.bz2
Remove DisableOCSP().
Instead of calling DisableOCSP() all SSL socket used in sandbox should be created with reb_checking_enabled flag set to false. BUG=93273 TEST=None Review URL: http://codereview.chromium.org/7685040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/ocsp/nss_ocsp.cc21
-rw-r--r--net/ocsp/nss_ocsp.h7
-rw-r--r--net/socket/ssl_client_socket_nss.cc10
-rw-r--r--net/socket/ssl_server_socket_nss.cc6
4 files changed, 9 insertions, 35 deletions
diff --git a/net/ocsp/nss_ocsp.cc b/net/ocsp/nss_ocsp.cc
index ccff919..ec24107 100644
--- a/net/ocsp/nss_ocsp.cc
+++ b/net/ocsp/nss_ocsp.cc
@@ -41,8 +41,6 @@ namespace {
pthread_mutex_t g_request_context_lock = PTHREAD_MUTEX_INITIALIZER;
static net::URLRequestContext* g_request_context = NULL;
-static bool g_disable_ocsp = false;
-
class OCSPRequestSession;
class OCSPIOLoop {
@@ -911,9 +909,6 @@ char* GetAlternateOCSPAIAInfo(CERTCertificate *cert) {
namespace net {
void SetMessageLoopForOCSP() {
- // Must not be called when OCSP is disabled.
- DCHECK(!g_disable_ocsp);
-
// Must have a MessageLoopForIO.
DCHECK(MessageLoopForIO::current());
@@ -923,27 +918,17 @@ void SetMessageLoopForOCSP() {
DCHECK(!used);
}
-void DisableOCSP() {
- g_disable_ocsp = true;
-}
-
void EnsureOCSPInit() {
- if (!g_disable_ocsp) {
- g_ocsp_io_loop.Get().StartUsing();
- g_ocsp_nss_initialization.Get();
- }
+ g_ocsp_io_loop.Get().StartUsing();
+ g_ocsp_nss_initialization.Get();
}
void ShutdownOCSP() {
- if (!g_disable_ocsp)
- g_ocsp_io_loop.Get().Shutdown();
+ g_ocsp_io_loop.Get().Shutdown();
}
// This function would be called before NSS initialization.
void SetURLRequestContextForOCSP(URLRequestContext* request_context) {
- // Must not be called when OCSP is disabled.
- DCHECK(!g_disable_ocsp);
-
pthread_mutex_lock(&g_request_context_lock);
if (request_context) {
DCHECK(!g_request_context);
diff --git a/net/ocsp/nss_ocsp.h b/net/ocsp/nss_ocsp.h
index 93d07ce..bf67751 100644
--- a/net/ocsp/nss_ocsp.h
+++ b/net/ocsp/nss_ocsp.h
@@ -17,13 +17,6 @@ class URLRequestContext;
// control the message loop for OCSP.
NET_EXPORT void SetMessageLoopForOCSP();
-// Disables OCSP for the current process. This is needed to run SSL
-// code in the renderer process. After this method is called all
-// calls to EnsureOCSPInit() and ShutdownOCSP() are ignored. When
-// OCSP is disabled SetMessageLoopForOCSP() and
-// SetURLRequestContextForOCSP() are useless and should not be called.
-NET_EXPORT void DisableOCSP();
-
// Initializes OCSP handlers for NSS. This must be called before any
// certificate verification functions. This function is thread-safe, and OCSP
// handlers will only ever be initialized once. ShutdownOCSP() must be called
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 5380a9a..4fdecc9 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -838,10 +838,12 @@ int SSLClientSocketNSS::Init() {
if (!NSS_IsInitialized())
return ERR_UNEXPECTED;
#if !defined(OS_MACOSX) && !defined(OS_WIN)
- // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
- // by MessageLoopForIO::current().
- // X509Certificate::Verify() runs on a worker thread of CertVerifier.
- EnsureOCSPInit();
+ if (ssl_config_.rev_checking_enabled) {
+ // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
+ // by MessageLoopForIO::current().
+ // X509Certificate::Verify() runs on a worker thread of CertVerifier.
+ EnsureOCSPInit();
+ }
#endif
LeaveFunction("");
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 08d84b9..78410f8 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -762,12 +762,6 @@ int SSLServerSocketNSS::Init() {
EnsureNSSSSLInit();
if (!NSS_IsInitialized())
return ERR_UNEXPECTED;
-#if !defined(OS_MACOSX) && !defined(OS_WIN)
- // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop
- // by MessageLoopForIO::current().
- // X509Certificate::Verify() runs on a worker thread of CertVerifier.
- EnsureOCSPInit();
-#endif
return OK;
}