authorkaie%kuix.de <devnull@localhost>2007-12-05 07:41:19 +0000
committerkaie%kuix.de <devnull@localhost>2007-12-05 07:41:19 +0000
commit61fb5e7d7350ea1e4222fd722731e8b6582064f6 (patch)
tree1866cb2b79c24b19cabf4847d245ccf54e97aef5
parent505818524b00b752e919a0e4a3846f2528ad3282 (diff)
downloadnss-hg-61fb5e7d7350ea1e4222fd722731e8b6582064f6.tar.gz
Bug 406120, Allow application to specify OCSP timeout
r=nelson
-rw-r--r--security/nss/lib/certhigh/ocsp.c14
-rw-r--r--security/nss/lib/nss/nss.def1
2 files changed, 14 insertions, 1 deletions
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index 140673700..a6b4a0d35 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -72,6 +72,7 @@
#define DEFAULT_OCSP_CACHE_SIZE 1000
#define DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 1*60*60L
#define DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 24*60*60L
+#define DEFAULT_OSCP_TIMEOUT_SECONDS 60
#define MICROSECONDS_PER_SECOND 1000000L
typedef struct OCSPCacheItemStr OCSPCacheItem;
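Review bot: The macro introduced on the added line is misspelled, `DEFAULT_OSCP_TIMEOUT_SECONDS`, while every neighbouring constant in this block spells it `OCSP`; the only other reference is the OCSP_Global initializer in this same commit, so renaming it to `DEFAULT_OCSP_TIMEOUT_SECONDS` is a two-line change now and gets harder once other code picks it up. A short comment on what the value bounds would also help a reader, e.g. `/* per-request HTTP timeout handed to the OCSP HTTP client, in seconds */`.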
@@ -112,6 +113,7 @@ static struct OCSPGlobalStruct {
PRInt32 maxCacheEntries;
PRUint32 minimumSecondsToNextFetchAttempt;
PRUint32 maximumSecondsToNextFetchAttempt;
+ PRUint32 timeoutSeconds;
OCSPCacheData cache;
SEC_OcspFailureMode ocspFailureMode;
} OCSP_Global = { NULL,
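Review bot: The new `timeoutSeconds` member carries no unit or access note, yet the setter and the fetch path added elsewhere in this commit both read and write it without taking a lock, which a maintainer adding the next field will not see from the declaration. I would document that where the field is declared, e.g. `PRUint32 timeoutSeconds; /* HTTP timeout per OCSP fetch, in seconds; set by CERT_SetOCSPTimeout and read unlocked, see bug 406120 */`. The enclosing struct OCSPGlobalStruct starts before this hunk.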
@@ -119,6 +121,7 @@ static struct OCSPGlobalStruct {
DEFAULT_OCSP_CACHE_SIZE,
DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
+ DEFAULT_OSCP_TIMEOUT_SECONDS,
{NULL, 0, NULL, NULL},
ocspMode_FailureIsVerificationFailure
};
@@ -836,6 +839,14 @@ CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
return SECSuccess;
}
+SECStatus
+CERT_SetOCSPTimeout(PRUint32 seconds)
+{
+ /* no locking, see bug 406120 */
+ OCSP_Global.timeoutSeconds = seconds;
+ return SECSuccess;
+}
+
/* this function is called at NSS initialization time */
SECStatus OCSP_InitGlobal(void)
{
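Review bot: `CERT_SetOCSPTimeout` stores any PRUint32 unchecked, and two ranges are harmful at the only consumer, where the value is multiplied by `PR_TicksPerSecond()`: 0 yields a zero-tick interval, which is PR_INTERVAL_NO_WAIT if the HTTP client treats the argument as an NSPR interval as that scaling suggests, so every OCSP fetch would fail at once; a value above `PR_UINT32_MAX / PR_TicksPerSecond()` wraps the product to an arbitrary, possibly tiny, timeout. Either outcome turns into certificate verification failures under the default `ocspMode_FailureIsVerificationFailure` visible in the OCSP_Global initializer, so the setter should reject both and report `SEC_ERROR_INVALID_ARGS` instead of returning SECSuccess unconditionally. The function is fully inside this hunk; the rewritten version is below.
```c
SECStatus
CERT_SetOCSPTimeout(PRUint32 seconds)
{
    /* 0 ticks is PR_INTERVAL_NO_WAIT and seconds * PR_TicksPerSecond() is a
     * PRUint32 product, so reject values that would make every fetch fail
     * instantly or wrap the interval. */
    if (seconds == 0 || seconds > PR_UINT32_MAX / PR_TicksPerSecond()) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }
    /* no locking, see bug 406120 */
    OCSP_Global.timeoutSeconds = seconds;
    return SECSuccess;
}
```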
@@ -3245,6 +3256,7 @@ fetchOcspHttpClientV1(PRArenaPool *arena,
- the client will use blocking I/O
- TryFcn will not return WOULD_BLOCK nor a poll descriptor
- it's sufficient to call TryFcn once
+ No lock for accessing OCSP_Global.timeoutSeconds, bug 406120
*/
if ((*hcv1->createFcn)(
@@ -3252,7 +3264,7 @@ fetchOcspHttpClientV1(PRArenaPool *arena,
"http",
path,
"POST",
- PR_TicksPerSecond() * 60,
+ PR_TicksPerSecond() * OCSP_Global.timeoutSeconds,
&pRequestSession) != SECSuccess) {
PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
goto loser;
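Review bot: `PR_TicksPerSecond() * OCSP_Global.timeoutSeconds` on the changed line is an unchecked PRUint32 product; the literal 60 it replaces could never wrap, but a caller-supplied value can, and a wrapped or zero interval makes the request fail immediately and reach the `SEC_ERROR_OCSP_SERVER_ERROR` path below. The idiomatic NSPR spelling is `PR_SecondsToInterval(OCSP_Global.timeoutSeconds)`, but as far as I recall that helper does not guard against overflow either, so the range still has to be enforced where the value is set rather than here. fetchOcspHttpClientV1 starts before and continues after this hunk.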
diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def
index 7cfbb48f8..5f04e14ce 100644
--- a/security/nss/lib/nss/nss.def
+++ b/security/nss/lib/nss/nss.def
@@ -914,6 +914,7 @@ CERT_EncodeUserNotice;
CERT_FindCRLEntryReasonExten;
CERT_FindCRLNumberExten;
CERT_FindNameConstraintsExten;
+CERT_SetOCSPTimeout;
CERT_PKIXVerifyCert;
PK11_CreateGenericObject;
PK11_GenerateKeyPairWithOpFlags;
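Review bot: `CERT_SetOCSPTimeout` is exported here but no public header declares it: the diffstat lists only ocsp.c and nss.def, so an application can only call it through its own prototype, and nothing tells it the unit is seconds, what 0 means, or that the store is unlocked. A prototype in the OCSP public header with a doc comment such as `/* Set the HTTP timeout, in seconds, used for each OCSP fetch; takes effect for subsequent requests. */` should accompany the export. The added line also breaks the alphabetical order the surrounding `CERT_*` entries keep, so it belongs after `CERT_PKIXVerifyCert;`. The version section this entry sits in starts before the hunk.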