diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.orig jss-4.2.6/mozilla/security/jss/lib/jss.def
--- jss-4.2.6/mozilla/security/jss/lib/jss.def.orig 2009-11-04 14:26:26.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def 2009-11-04 14:11:05.000000000 -0800
@@ -329,6 +329,8 @@ Java_org_mozilla_jss_pkcs11_PK11Token_ne
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateECKeyPairWithOpFlags;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateRSAKeyPairWithOpFlags;
Java_org_mozilla_jss_pkcs11_PK11KeyPairGenerator_generateDSAKeyPairWithOpFlags;
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative;
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
;+ local:
;+ *;
;+};
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c.orig 2009-11-04 14:20:43.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c 2009-11-05 10:48:32.590000000 -0800
@@ -976,3 +976,45 @@ Java_org_mozilla_jss_CryptoManager_confi
}
}
+
+/**********************************************************************
+* OCSPCacheSettingsNative
+*
+* Allows configuration of the OCSP responder cache during runtime.
+*/
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_CryptoManager_OCSPCacheSettingsNative(
+ JNIEnv *env, jobject this,
+ jint ocsp_cache_size,
+ jint ocsp_min_cache_entry_duration,
+ jint ocsp_max_cache_entry_duration)
+{
+ SECStatus rv = SECFailure;
+
+ rv = CERT_OCSPCacheSettings(
+ ocsp_cache_size, ocsp_min_cache_entry_duration,
+ ocsp_max_cache_entry_duration);
+
+ if (rv != SECSuccess) {
+ JSS_throwMsgPrErr(env,
+ GENERAL_SECURITY_EXCEPTION,
+ "Failed to set OCSP cache: error "+ PORT_GetError());
+ }
+}
+
+JNIEXPORT void JNICALL
+Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative(
+ JNIEnv *env, jobject this,
+ jint ocsp_timeout )
+{
+ SECStatus rv = SECFailure;
+
+ rv = CERT_SetOCSPTimeout(ocsp_timeout);
+
+ if (rv != SECSuccess) {
+ JSS_throwMsgPrErr(env,
+ GENERAL_SECURITY_EXCEPTION,
+ "Failed to set OCSP timeout: error "+ PORT_GetError());
+ }
+}
+
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java.orig 2009-11-04 14:20:33.000000000 -0800
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.java 2009-11-05 10:48:59.415001000 -0800
@@ -1479,4 +1479,41 @@ public final class CryptoManager impleme
String ocspResponderCertNickname )
throws GeneralSecurityException;
+ /**
+ * change OCSP cache settings
+ * * @param ocsp_cache_size max cache entries
+ * * @param ocsp_min_cache_entry_duration minimum seconds to next fetch attempt
+ * * @param ocsp_max_cache_entry_duration maximum seconds to next fetch attempt
+ */
+ public void OCSPCacheSettings(
+ int ocsp_cache_size,
+ int ocsp_min_cache_entry_duration,
+ int ocsp_max_cache_entry_duration)
+ throws GeneralSecurityException
+ {
+ OCSPCacheSettingsNative(ocsp_cache_size,
+ ocsp_min_cache_entry_duration,
+ ocsp_max_cache_entry_duration);
+ }
+
+ private native void OCSPCacheSettingsNative(
+ int ocsp_cache_size,
+ int ocsp_min_cache_entry_duration,
+ int ocsp_max_cache_entry_duration)
+ throws GeneralSecurityException;
+
+ /**
+ * set OCSP timeout value
+ * * @param ocspTimeout OCSP timeout in seconds
+ */
+ public void setOCSPTimeout(
+ int ocsp_timeout )
+ throws GeneralSecurityException
+ {
+ setOCSPTimeoutNative( ocsp_timeout);
+ }
+
+ private native void setOCSPTimeoutNative(
+ int ocsp_timeout )
+ throws GeneralSecurityException;
}