diff -ur qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc 
qtwebengine-opensource-src-5.6.0-beta-chimera-nss-init/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc
--- qtwebengine-opensource-src-5.6.0-beta/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc	2015-12-10 18:17:21.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-chimera-nss-init/src/3rdparty/chromium/net/socket/ssl_client_socket_openssl.cc	2016-01-14 
17:11:38.432633534 +0100
@@ -57,6 +57,10 @@
 #include "net/ssl/ssl_platform_key.h"
 #endif
 
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+#include "net/cert_net/nss_ocsp.h"
+#endif
+
 namespace net {
 
 namespace {
@@ -795,6 +799,14 @@
   DCHECK(!ssl_);
   DCHECK(!transport_bio_);
 
+#if defined(USE_NSS_CERTS) || defined(OS_IOS)
+  if (ssl_config_.cert_io_enabled) {
+    // TODO(davidben): Move this out of SSLClientSocket. See
+    // https://crbug.com/539520.
+    EnsureNSSHttpIOInit();
+  }
+#endif
+
   SSLContext* context = SSLContext::GetInstance();
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   
diff -ur qtwebengine-opensource-src-5.6.0-beta/src/core/config/linux.pri qtwebengine-opensource-src-5.6.0-beta-linux-pri/src/core/config/linux.pri
--- qtwebengine-opensource-src-5.6.0-beta/src/core/config/linux.pri	2015-12-14 16:27:24.000000000 +0100
+++ qtwebengine-opensource-src-5.6.0-beta-linux-pri/src/core/config/linux.pri	2016-01-14 17:31:05.765975551 +0100
@@ -18,7 +18,13 @@
     use_kerberos=0 \
     use_pango=0
 
-!use?(nss) {
+use?(nss) {
+# do a "chimera build" (BoringSSL code, NSS certs): This is the default in
+# Chromium 47+, and it is the only variant that works with NSS 3.21.
+    GYP_CONFIG += use_nss_certs=1 \
+        use_openssl=1 \
+        use_openssl_certs=0
+} else {
     GYP_CONFIG += use_nss_certs=0 \
         use_openssl=1 \
         use_openssl_certs=1