2 files changed, 11 insertions, 4 deletions

diff --git a/net/base/x509_util.cc b/net/base/x509_util.cc
index a272470..2e09a0f 100644
--- a/net/base/x509_util.cc
+++ b/net/base/x509_util.cc
@@ -11,6 +11,8 @@ namespace net {
 
 namespace x509_util {
 
+ClientCertSorter::ClientCertSorter() : now_(base::Time::Now()) {}
+
 bool ClientCertSorter::operator()(
     const scoped_refptr<X509Certificate>& a,
     const scoped_refptr<X509Certificate>& b) const {
@@ -19,9 +21,8 @@ bool ClientCertSorter::operator()(
     return a.get() && !b.get();
 
   // Certificates that are expired/not-yet-valid are sorted last.
-  base::Time now = base::Time::Now();
-  bool a_is_valid = now >= a->valid_start() && now <= a->valid_expiry();
-  bool b_is_valid = now >= b->valid_start() && now <= b->valid_expiry();
+  bool a_is_valid = now_ >= a->valid_start() && now_ <= a->valid_expiry();
+  bool b_is_valid = now_ >= b->valid_start() && now_ <= b->valid_expiry();
   if (a_is_valid != b_is_valid)
     return a_is_valid && !b_is_valid;
 
diff --git a/net/base/x509_util.h b/net/base/x509_util.h
index a800fdf..623e2b3 100644
--- a/net/base/x509_util.h
+++ b/net/base/x509_util.h
@@ -54,10 +54,16 @@ bool NET_EXPORT_PRIVATE CreateDomainBoundCertEC(
 //   expiration dates)
 // - If equal, prefer certificates that were issued more recently
 // - If equal, prefer shorter chains (if available)
-struct NET_EXPORT_PRIVATE ClientCertSorter {
+class NET_EXPORT_PRIVATE ClientCertSorter {
+ public:
+  ClientCertSorter();
+
   bool operator()(
       const scoped_refptr<X509Certificate>& a,
       const scoped_refptr<X509Certificate>& b) const;
+
+ private:
+  base::Time now_;
 };
 
 } // namespace x509_util