RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-28 00:20:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: ssl: Do not wake ocsp update task if update tree empty

Browse Source 
In the unlikely event that the ocsp update task is started but the
update tree is empty, put the update task to sleep indefinitely.
The only way this can happen is if the same certificate is loaded under
two different names while the second one has the 'ocsp-update on'
option. Since the certificate names are distinct we will have two
ckch_stores but a single certificate_ocsp because they are identified by
the OCSP_CERTID which is built out of the issuer certificate and the
certificate id (which are the same regardless of the .pem file name).
This commit is contained in:
Remi Tricot-Le Breton 2023-01-12 09:49:10 +01:00 committed by William Lallemand
parent 474f614975
commit 1c647adf46
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_ocsp.c
View File

@ -1040,7 +1040,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
eb = eb64_first(&ocsp_update_tree);
if (!eb) {
HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
goto leave;
goto wait;
}
if (eb->key > now.tv_sec) {