diff options
| -rw-r--r-- | chrome/browser/profile.cc | 13 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 7 |
2 files changed, 18 insertions, 2 deletions
diff --git a/chrome/browser/profile.cc b/chrome/browser/profile.cc index 5d39188..dcfe530 100644 --- a/chrome/browser/profile.cc +++ b/chrome/browser/profile.cc @@ -48,6 +48,7 @@ #include "net/base/force_tls_state.h" #if defined(OS_LINUX) +#include "net/ocsp/nss_ocsp.h" #include "chrome/browser/gtk/gtk_theme_provider.h" #endif @@ -650,8 +651,14 @@ ProfileImpl::~ProfileImpl() { spellchecker_->Release(); } - if (default_request_context_ == request_context_) + if (default_request_context_ == request_context_) { +#if defined(OS_LINUX) + // We use default_request_context_ for OCSP. + // Release URLRequestContext used in OCSP handlers. + net::SetURLRequestContextForOCSP(NULL); +#endif default_request_context_ = NULL; + } CleanupRequestContext(request_context_); CleanupRequestContext(media_request_context_); @@ -795,6 +802,10 @@ URLRequestContext* ProfileImpl::GetRequestContext() { NotificationService::current()->Notify( NotificationType::DEFAULT_REQUEST_CONTEXT_AVAILABLE, NotificationService::AllSources(), NotificationService::NoDetails()); +#if defined(OS_LINUX) + // TODO(ukai): find a better way to set the URLRequestContext for OCSP. + net::SetURLRequestContextForOCSP(default_request_context_); +#endif } DCHECK(request_context_->cookie_store()); diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index acdcf73..96a8c6d 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -70,6 +70,7 @@ #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/ssl_info.h" +#include "net/ocsp/nss_ocsp.h" static const int kRecvBufferSize = 4096; @@ -214,8 +215,12 @@ SSLClientSocketNSS::~SSLClientSocketNSS() { int SSLClientSocketNSS::Init() { EnterFunction(""); - // Call NSS_NoDB_Init() in a threadsafe way. + // Initialize NSS in a threadsafe way. base::EnsureNSSInit(); + // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop + // by MessageLoopForIO::current(). + // X509Certificate::Verify() runs on a worker thread of CertVerifier. + EnsureOCSPInit(); LeaveFunction(""); return OK; |