From 22e2874bf6412144ab4b51b95327306ef9609b2c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Thu, 30 May 2024 05:02:55 +0200
Subject: Merging upstream version 126.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/certverifier/NSSCertDBTrustDomain.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'security')

diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
index dc13eb0b8f..a631b50572 100644
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -476,16 +476,22 @@ Result NSSCertDBTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
         // candidate certificate is a third-party certificate, above.
         SECItem candidateCertDERSECItem =
             UnsafeMapInputToSECItem(candidateCertDER);
+
+    // This metric can be evaluated as many as 600 times during a cnn.com
+    // load so we avoid measuring it on Android because of the high
+    // cost of serializing the db everytime we measure.
+#ifndef MOZ_WIDGET_ANDROID
         auto timerId =
             mozilla::glean::cert_verifier::cert_trust_evaluation_time.Start();
-
+#endif
         UniqueCERTCertificate candidateCert(CERT_NewTempCertificate(
             CERT_GetDefaultCertDB(), &candidateCertDERSECItem, nullptr, false,
             true));
 
+#ifndef MOZ_WIDGET_ANDROID
         mozilla::glean::cert_verifier::cert_trust_evaluation_time
             .StopAndAccumulate(std::move(timerId));
-
+#endif
         if (!candidateCert) {
           result = MapPRErrorCodeToResult(PR_GetError());
           return;
-- 
cgit v1.2.3