diff options
author | wtc%google.com <devnull@localhost> | 2010-02-10 18:33:24 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2010-02-10 18:33:24 +0000 |
commit | 1621918692dc1f2dc4342a3f7fc5cc42e7b06e5d (patch) | |
tree | d0ebd2375cb38e0347d4820c0b8eb2612cdccf53 /security/nss/lib/libpkix/pkix_pl_nss | |
parent | 9a9a042868be78e49c1f15cbc1d8bd836ab92d6f (diff) | |
download | nss-hg-1621918692dc1f2dc4342a3f7fc5cc42e7b06e5d.tar.gz |
Bug 526910: Increase the max response length for CRL downloads to 512 KB.
r=alexei.
Diffstat (limited to 'security/nss/lib/libpkix/pkix_pl_nss')
-rwxr-xr-x | security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index af6ed936a..945c251f5 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -43,6 +43,13 @@ #include "pkix_pl_pk11certstore.h" +/* + * PKIX_DEFAULT_MAX_RESPONSE_LENGTH (64 * 1024) is too small for downloading + * CRLs. We observed CRLs of sizes 338759 and 439035 in practice. So we + * need to use a higher max response length for CRLs. + */ +#define PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH (512 * 1024) + /* --Private-Pk11CertStore-Functions---------------------------------- */ /* @@ -871,6 +878,8 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, myHttpResponseDataLen = ((PKIX_PL_NssContext*)plContext)->maxResponseLength; + if (myHttpResponseDataLen < PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH) + myHttpResponseDataLen = PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH; /* We use a non-zero timeout, which means: - the client will use blocking I/O |