From 6de7b78c9f92b3bac00e8fc678077aa6aa440876 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Tue, 28 Feb 2023 17:46:19 +0100
Subject: [PATCH] MINOR: ssl: Reinsert ocsp update entries later in case of unknown error

In case of allocation error during the construction of an OCSP request for instance, we would have ended reinserting the ocsp entry at the same place in the ocsp update tree which could potentially lead to an "endless" loop of errors in ssl_ocsp_update_responses. In such a case, entries are now reinserted further in the tree (1 minute later) in order to avoid such a chain of alloc failure.
---
 src/ssl_ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index ef624b073..f23531aa7 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1150,7 +1150,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
 leave:
 if (ctx->cur_ocsp) {
 /* Something went wrong, reinsert the entry in the tree. */
- ssl_ocsp_update_insert(ctx->cur_ocsp);
+ ssl_ocsp_update_insert_after_error(ctx->cur_ocsp);
 /* Release the reference kept on the updated ocsp response. */
 ssl_sock_free_ocsp(ctx->cur_ocsp);
 ctx->cur_ocsp = NULL;
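Review bot: The comment above the changed call under `leave:` still says only "reinsert the entry in the tree", so a reader of the code cannot tell that the retry is now deliberately deferred. I would change it to `/* Something went wrong, reinsert the entry later in the tree so that a persistent failure (e.g. an allocation error) is not retried immediately. */`. Every failure that reaches `leave:` with `ctx->cur_ocsp` set now takes the delayed path, and nothing in the visible lines records the failure. If neither the helper nor the part of ssl_ocsp_update_responses outside this hunk logs it or bumps a counter, a certificate whose update keeps failing will presumably go on serving its previous stapled response until it expires without anyone noticing. The function body starts and ends outside the hunk, so this needs confirming against the full function.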