Changeset 2246a84 in mod_gnutls for include

Timestamp:

Apr 21, 2018, 3:51:51 PM (5 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

asyncio, debian/master, main, master, proxy-ticket

Children:

7921dc7

Parents:

fa6d0bb

Message:

Make automatic OCSP cache updates and fuzz time configurable

File:

• include/mod_gnutls.h.in (modified) (2 diffs)

include/mod_gnutls.h.in

@@ -214 +214 @@
     /* Enable OCSP stapling */
     unsigned char ocsp_staple;
+    /* Automatically refresh cached OCSP response? */
+    unsigned char ocsp_auto_refresh;
     /* Check nonce in OCSP responses? */
     unsigned char ocsp_check_nonce;
@@ -228 +230 @@
     /* If an OCSP request fails wait this long before trying again. */
     apr_interval_time_t ocsp_failure_timeout;
+    /** How long before a cached OCSP response expires should it be
+     * updated? During configuration parsing this is set to the
+     * maximum, during post configuration the value will be set to
+     * half that. After each update the interval to for the next one
+     * is choosen randomly as `ocsp_fuzz_time + ocsp_fuzz_time *
+     * RANDOM` with `0 <= RANDOM <= 1`. */
+    apr_interval_time_t ocsp_fuzz_time;
     /* Socket timeout for OCSP requests */
     apr_interval_time_t ocsp_socket_timeout;