mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 23:27:04 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: Reinsert ocsp update entries later in case of unknown error

Browse Source 
In case of allocation error during the construction of an OCSP request
for instance, we would have ended reinserting the ocsp entry at the same
place in the ocsp update tree which could potentially lead to an
"endless" loop of errors in ssl_ocsp_update_responses. In such a case,
entries are now reinserted further in the tree (1 minute later) in order
to avoid such a chain of alloc failure.
This commit is contained in:
Remi Tricot-Le Breton 2023-02-28 17:46:19 +01:00 committed by William Lallemand
parent 926f34bc36
commit 6de7b78c9f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_ocsp.c
View File

@ -1150,7 +1150,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
leave: leave:
if (ctx->cur_ocsp) { if (ctx->cur_ocsp) {
/* Something went wrong, reinsert the entry in the tree. */ /* Something went wrong, reinsert the entry in the tree. */
ssl_ocsp_update_insert(ctx->cur_ocsp); ssl_ocsp_update_insert_after_error(ctx->cur_ocsp);
/* Release the reference kept on the updated ocsp response. */ /* Release the reference kept on the updated ocsp response. */
ssl_sock_free_ocsp(ctx->cur_ocsp); ssl_sock_free_ocsp(ctx->cur_ocsp);
ctx->cur_ocsp = NULL; ctx->cur_ocsp = NULL;