RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-29 14:28:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: OCSP minimum update threshold not properly set

Browse Source 
An arbitrary 5 minutes minimum interval between two updates of the same
OCSP response is defined but it was not properly used when inserting
entries in the update tree.

This patch does not need to be backported.
This commit is contained in:
Remi Tricot-Le Breton 2023-01-12 09:49:08 +01:00 committed by William Lallemand
parent 145b17fd2f
commit bdd84c5ffb
1 changed files with 2 additions and 1 deletions

3
src/ssl_ocsp.c
View File

@ -869,7 +869,8 @@ int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp)
* updated more than once every 5 minutes in order to avoid continuous
* update of the same response. */
if (b_data(&ocsp->response))
ocsp->next_update.key = MAX(ocsp->next_update.key, SSL_OCSP_UPDATE_DELAY_MIN);
ocsp->next_update.key = MAX(ocsp->next_update.key,
now.tv_sec + SSL_OCSP_UPDATE_DELAY_MIN);
HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
eb64_insert(&ocsp_update_tree, &ocsp->next_update);