Changeset 333bbc7 in mod_gnutls for src/gnutls_ocsp.c


Timestamp:
Oct 27, 2016, 5:50:18 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
0a02378
Parents:
c6dda6d
Message:

Configurable OCSP socket timeout

Stalled OCSP requests must time out after a while to prevent stalling
the server too much. However, if the timeout is too short requests may
fail with a slow OCSP responder or high latency network
connection. Using the new GnuTLSOCSPFailureTimeout parameter users can
adjust the timeout if necessary.

All macros defining default values for OCSP related times are now
collected in gnutls_ocsp.h.

File:
1 edited

  • src/gnutls_ocsp.c

    rc6dda6d r333bbc7  
    3434#define OCSP_REQ_TYPE "application/ocsp-request"
    3535#define OCSP_RESP_TYPE "application/ocsp-response"
    36 
    37 /* Default socket timeout for OCSP responder connections, in
    38  * seconds. Note that the timeout applies to "absolutely no data sent
    39  * or received", not the whole connection. 10 seconds in mod_ssl. */
    40 #define OCSP_SOCKET_TIMEOUT 2
    4136
    4237/* Dummy data for failure cache entries (one byte). */
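Review bot: The comment removed together with OCSP_SOCKET_TIMEOUT (old lines 37-39) is the only visible statement that this timeout covers "absolutely no data sent or received", not the whole connection; please make sure that caveat moves with the default into gnutls_ocsp.h and into the documentation of the new directive. Without it an administrator can read the setting as an upper bound on the whole OCSP request, while a responder that keeps sending data slowly can hold the connection for longer than the configured value.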
     
    459454     * works. */
    460455    apr_socket_t *sock;
    461     /* TODO: configurable timeout */
    462     apr_interval_time_t timeout = apr_time_from_sec(OCSP_SOCKET_TIMEOUT);
    463456    while (sa)
    464457    {
     
    467460        if (rv == APR_SUCCESS)
    468461        {
    469             apr_socket_timeout_set(sock, timeout);
     462            apr_socket_timeout_set(sock, sc->ocsp_socket_timeout);
    470463            rv = apr_socket_connect(sock, sa);
    471464            if (rv == APR_SUCCESS)
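Review bot: At new line 462, sc->ocsp_socket_timeout goes into apr_socket_timeout_set() without any check visible here, and APR treats a negative value as "block forever" and zero as non-blocking, so the configuration handling (not part of this file's diff) should guarantee a positive value and fall back to the default when the directive is unset. A negative value would bring back the stalled-request problem the commit message sets out to prevent. The return value of apr_socket_timeout_set() is also ignored, as it was before the change; logging a failure there would make a socket left without a timeout visible.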