mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-07 07:37:02 +02:00
This patch contains the main function of the ocsp auto update mechanism as well as an init and destroy function of the task used for this. The task is not created in this patch but in a later one.

The function has two distinct parts and the branching to one or the other is completely based on the fact that the cur_ocsp pointer of the ssl_ocsp_task_ctx member is set.

If the pointer is not set, we need to look at the first item of the update tree and see if it needs to be updated. If it does not we simply wait until the time is right and let the task sleep. If it does need to be updated, we simply build and send the corresponding ocsp request thanks to the http_client. The task is then sent to sleep with an expire time set to infinity. The http_client will wake it back up once the response is received (or a timeout occurs). Just note that during this whole process the certificate_ocsp object corresponding to the entry being updated is taken out of the update tree and only stored in the ssl_ocsp_task_ctx context.

Once the task is woken up by the http_client, it branches on the response processing part of the function which basically checks that the response is valid and inserts it into the ocsp_response tree. The task then goes back to sleep until another entry needs to be updated.

haproxy
import
make