diff options
| -rw-r--r-- | security/nss/lib/certdb/crl.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index aee251f67..a1a4ed040 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -1763,11 +1763,12 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* /* first, make sure we have obtained all the CRLs we need. We do an expensive token fetch in the following cases : - 1) cache is explicitly set to refresh state - 2) cache is in invalid state because last fetch failed - 3) cache contains no token CRLs, and it's been more than one minute + 1) cache is empty because no fetch was ever performed yet + 2) cache is explicitly set to refresh state + 3) cache is in invalid state because last fetch failed + 4) cache contains no token CRLs, and it's been more than one minute since the last fetch - 4) cache contains token CRLs, and it's been more than 10 minutes since + 5) cache contains token CRLs, and it's been more than 10 minutes since the last fetch */ forcedrefresh = cache->refresh; @@ -1778,7 +1779,9 @@ static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* now = PR_IntervalNow(); hastokenCRLs = DPCache_HasTokenCRLs(cache); } - if ( (PR_TRUE == forcedrefresh) || + if ( (0 == lastfetch) || + + (PR_TRUE == forcedrefresh) || (cache->invalid & CRL_CACHE_LAST_FETCH_FAILED) || |