Changeset 3656df0 in mod_gnutls for src/gnutls_ocsp.c
- Timestamp: Apr 19, 2018, 2:49:53 PM (3 years ago)
- Branches: asyncio, debian/master, master, proxy-ticket
- Children: c34a68b
- Parents: 6945efb
- File: 1 edited
src/gnutls_ocsp.c
r6945efb r3656df0 722 722 723 723 724 /* 724 /** 725 725 * Retries after failed OCSP requests must be rate limited. If the 726 726 * responder is overloaded or buggy we don't want to add too much more 727 727 * load, and if a MITM is messing with requests a repetition loop 728 * might end up being a self-inflicted denial of service. 728 * might end up being a self-inflicted denial of service. This 729 * function writes a specially formed entry to the cache to indicate a 730 * recent failure. 731 * 732 * @param s the server for which an OCSP request failed 733 * @param timeout lifetime of the cache entry 729 734 */ 730 void mgs_cache_ocsp_failure(server_rec *s)735 static void mgs_cache_ocsp_failure(server_rec *s, apr_interval_time_t timeout) 731 736 { 732 737 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) … … 738 743 .size = sizeof(c) 739 744 }; 740 apr_time_t expiry = apr_time_now() + sc->ocsp_failure_timeout;745 apr_time_t expiry = apr_time_now() + timeout; 741 746 742 747 char date_str[APR_RFC822_DATE_LEN]; … … 824 829 "Caching a fresh OCSP response failed"); 825 830 /* cache failure to rate limit retries */ 826 mgs_cache_ocsp_failure(ctxt->c->base_server); 831 mgs_cache_ocsp_failure(ctxt->c->base_server, 832 ctxt->sc->ocsp_failure_timeout); 827 833 apr_global_mutex_unlock(sc->ocsp_mutex); 828 834 goto fail_cleanup;
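Review bot: The new `@param timeout` line in the doc comment of mgs_cache_ocsp_failure() (first hunk, new line 733) gives neither a unit nor a valid range. apr_interval_time_t is a signed count of microseconds, so the comment should say that and state that callers must pass a positive value. Because the function becomes static in the same hunk, also confirm that no prototype for it is left behind in a header.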
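Review bot: In the second hunk (new line 745), `apr_time_t expiry = apr_time_now() + timeout;` uses the caller-supplied timeout without any check. A zero or negative value produces a failure entry that is already expired when it is written, which silently removes the retry rate limit that the function comment says is required. Consider clamping or rejecting non-positive values before computing expiry, and logging when that happens.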
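Review bot: In the third hunk (new lines 831-832) the server argument is `ctxt->c->base_server` while the timeout is read from `ctxt->sc`, and the very next line unlocks `sc->ocsp_mutex` through the local `sc`. Before this change the function read `sc->ocsp_failure_timeout` from its own `sc`, so the server and the timeout came from one place; now they can come from different configuration records. If `sc` and `ctxt->sc` are the same object here, pass `sc->ocsp_failure_timeout` for consistency with the surrounding lines; if they can differ, add a short comment saying which server's timeout is meant to apply.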