Bug 918120: reduce soft fail ocsp timeouts to 3 secs. r=bsmith.
authorCamilo Viecco <cviecco@mozilla.com>
Mon, 23 Sep 2013 09:25:53 -0700
changeset 165430 5ee5595998460658ca101492eef576e3ca6eedb2
parent 165429 e5e074ddca9e5fa433a8537898a4a8d093e05d9c
child 165431 ad6254a681f1a662a709ac377246db96a5e9de87
push id3066
push userakeybl@mozilla.com
push dateMon, 09 Dec 2013 19:58:46 +0000
treeherdermozilla-beta@a31a0dce83aa [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbsmith
bugs918120
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 918120: reduce soft fail ocsp timeouts to 3 secs. r=bsmith.
security/manager/ssl/src/nsNSSComponent.cpp
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -929,16 +929,22 @@ void nsNSSComponent::setValidationOption
   PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
 
   setNonPkixOcspEnabled(ocspEnabled);
 
   CERT_SetOCSPFailureMode( ocspRequired ?
                            ocspMode_FailureIsVerificationFailure
                            : ocspMode_FailureIsNotAVerificationFailure);
 
+  int OCSPTimeoutSeconds = 3;
+  if (ocspRequired || anyFreshRequired) {
+    OCSPTimeoutSeconds = 10;
+  }
+  CERT_SetOCSPTimeout(OCSPTimeoutSeconds);
+
   mDefaultCertVerifier = new CertVerifier(
       aiaDownloadEnabled ? 
         CertVerifier::missing_cert_download_on : CertVerifier::missing_cert_download_off,
       crlDownloading ?
         CertVerifier::crl_download_allowed : CertVerifier::crl_local_only,
       ocspEnabled ? 
         CertVerifier::ocsp_on : CertVerifier::ocsp_off,
       ocspRequired ?