Changeset 333bbc7 in mod_gnutls for src/gnutls_ocsp.h


Ignore:
Timestamp:
Oct 27, 2016, 5:50:18 PM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, proxy-ticket, upstream
Children:
0a02378
Parents:
c6dda6d
Message:

Configurable OCSP socket timeout

Stalled OCSP requests must time out after a while to prevent stalling
the server too much. However, if the timeout is too short requests may
fail with a slow OCSP responder or high latency network
connection. Using the new GnuTLSOCSPFailureTimeout parameter users can
adjust the timeout if necessary.

All macros defining default values for OCSP related times are now
collected in gnutls_ocsp.h.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_ocsp.h

    rc6dda6d r333bbc7  
    2424
    2525#define MGS_OCSP_MUTEX_NAME "gnutls-ocsp"
     26
     27/* Default OCSP response grace time in seconds */
     28#define MGS_GRACE_TIME 60
     29/* Default OCSP failure timeout in seconds */
     30#define MGS_OCSP_FAILURE_TIMEOUT 300
     31/* Default socket timeout for OCSP responder connections, in
     32 * seconds. Note that the timeout applies to "absolutely no data sent
     33 * or received", not the whole connection. 10 seconds in mod_ssl. */
     34#define MGS_OCSP_SOCKET_TIMEOUT 6
    2635
    2736/**
Note: See TracChangeset for help on using the changeset viewer.