mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-25 04:41:00 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Replace now.tv_sec with date.tv_sec in ocsp update task

Browse Source 
Instead of relying on the scheduler's timer in the main ocsp update
task, we use the actual system's date.
This commit is contained in:
Remi Tricot-Le Breton 2023-03-02 15:49:54 +01:00 committed by William Lallemand
parent 86d1e0b163
commit 56ab607c40
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/ssl_ocsp.c
View File

@ -912,7 +912,7 @@ static inline void ssl_ocsp_set_next_update(struct certificate_ocsp *ocsp)
{ {
int update_margin = (ocsp->expire >= SSL_OCSP_UPDATE_MARGIN) ? SSL_OCSP_UPDATE_MARGIN : 0; int update_margin = (ocsp->expire >= SSL_OCSP_UPDATE_MARGIN) ? SSL_OCSP_UPDATE_MARGIN : 0;
ocsp->next_update.key = MIN(now.tv_sec + global_ssl.ocsp_update.delay_max, ocsp->next_update.key = MIN(date.tv_sec + global_ssl.ocsp_update.delay_max,
ocsp->expire - update_margin); ocsp->expire - update_margin);
/* An already existing valid OCSP response that expires within less than /* An already existing valid OCSP response that expires within less than
@ -921,7 +921,7 @@ static inline void ssl_ocsp_set_next_update(struct certificate_ocsp *ocsp)
* update of the same response. */ * update of the same response. */
if (b_data(&ocsp->response)) if (b_data(&ocsp->response))
ocsp->next_update.key = MAX(ocsp->next_update.key, ocsp->next_update.key = MAX(ocsp->next_update.key,
now.tv_sec + global_ssl.ocsp_update.delay_min); date.tv_sec + global_ssl.ocsp_update.delay_min);
} }
/* /*
@ -978,8 +978,8 @@ int ssl_ocsp_update_insert_after_error(struct certificate_ocsp *ocsp)
replay_delay = MIN(SSL_OCSP_HTTP_ERR_REPLAY * (1 << ocsp->fail_count), replay_delay = MIN(SSL_OCSP_HTTP_ERR_REPLAY * (1 << ocsp->fail_count),
global_ssl.ocsp_update.delay_max); global_ssl.ocsp_update.delay_max);
if (ocsp->next_update.key < now.tv_sec + replay_delay) if (ocsp->next_update.key < date.tv_sec + replay_delay)
ocsp->next_update.key = now.tv_sec + replay_delay; ocsp->next_update.key = date.tv_sec + replay_delay;
HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock); HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
eb64_insert(&ocsp_update_tree, &ocsp->next_update); eb64_insert(&ocsp_update_tree, &ocsp->next_update);
@ -1136,7 +1136,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
ctx->flags &= ~HC_F_RES_END; ctx->flags &= ~HC_F_RES_END;
++ocsp->num_success; ++ocsp->num_success;
ocsp->last_update = now.tv_sec; ocsp->last_update = date.tv_sec;
ctx->update_status = OCSP_UPDT_OK; ctx->update_status = OCSP_UPDT_OK;
ocsp->last_update_status = ctx->update_status; ocsp->last_update_status = ctx->update_status;
@ -1152,8 +1152,8 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
/* Set next_wakeup to the new first entry of the tree */ /* Set next_wakeup to the new first entry of the tree */
eb = eb64_first(&ocsp_update_tree); eb = eb64_first(&ocsp_update_tree);
if (eb) { if (eb) {
if (eb->key > now.tv_sec) if (eb->key > date.tv_sec)
next_wakeup = (eb->key - now.tv_sec)*1000; next_wakeup = (eb->key - date.tv_sec)*1000;
else else
next_wakeup = 0; next_wakeup = 0;
} }
@ -1176,8 +1176,8 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
goto wait; goto wait;
} }
if (eb->key > now.tv_sec) { if (eb->key > date.tv_sec) {
next_wakeup = (eb->key - now.tv_sec)*1000; next_wakeup = (eb->key - date.tv_sec)*1000;
HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock); HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
goto leave; goto leave;
} }
@ -1288,8 +1288,8 @@ http_error:
/* Set next_wakeup to the new first entry of the tree */ /* Set next_wakeup to the new first entry of the tree */
eb = eb64_first(&ocsp_update_tree); eb = eb64_first(&ocsp_update_tree);
if (eb) { if (eb) {
if (eb->key > now.tv_sec) if (eb->key > date.tv_sec)
next_wakeup = (eb->key - now.tv_sec)*1000; next_wakeup = (eb->key - date.tv_sec)*1000;
else else
next_wakeup = 0; next_wakeup = 0;
} }