Changeset 368e581 in mod_gnutls
- Timestamp:
- Jun 5, 2016, 3:42:32 PM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 08817d0
- Parents:
- 4bf4ce2
- git-author:
- Thomas Klute <thomas2.klute@…> (06/05/16 09:53:50)
- git-committer:
- Thomas Klute <thomas2.klute@…> (06/05/16 15:42:32)
- File:
-
- 1 edited
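--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -295,5 +295,6 @@
 }
 
-/* TODO: make cache lifetime configurable */
+/* TODO: make cache lifetime configurable, make sure expiration
+* happens without storing new data */
 int r = dbm_cache_store(s, fingerprint,
 resp, apr_time_now() + apr_time_from_sec(120));
@@ -317,12 +318,4 @@
 mgs_handle_t *ctxt = (mgs_handle_t *) ptr;
 
-apr_status_t rv = mgs_cache_ocsp_response(ctxt->c->base_server);
-if (rv != APR_SUCCESS)
-{
-ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, ctxt->c,
-"Updating OCSP response cache failed");
-return GNUTLS_E_NO_CERTIFICATE_STATUS;
-}
-
 gnutls_datum_t fingerprint =
 mgs_get_cert_fingerprint(ctxt->c->pool,
@@ -343,6 +336,34 @@
 return GNUTLS_E_SUCCESS;
 }
+/* get rid of invalid response (if any) */
+gnutls_free(ocsp_response->data);
+
+/* If the cache had no response or an invalid one, try to update. */
+ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, ctxt->c,
+"No valid OCSP response in cache, trying to update.");
+apr_status_t rv = mgs_cache_ocsp_response(ctxt->c->base_server);
+if (rv != APR_SUCCESS)
+{
+ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, ctxt->c,
+"Updating OCSP response cache failed");
+goto fail_cleanup;
+}
+
+/* retry reading from cache */
+*ocsp_response = dbm_cache_fetch(ctxt, fingerprint);
+if (ocsp_response->size == 0)
+{
+ap_log_cerror(APLOG_MARK, APLOG_ERR, APR_EGENERAL, ctxt->c,
+"Fetching OCSP response from cache failed on retry.");
+}
+else
+{
+/* Succeed if response is present and valid. */
+if (check_ocsp_response(ctxt, ocsp_response) == GNUTLS_E_SUCCESS)
+return GNUTLS_E_SUCCESS;
+}
 
 /* failure, clean up response data */
+fail_cleanup:
 gnutls_free(ocsp_response->data);
 ocsp_response->size = 0;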
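Review bot: The early `gnutls_free(ocsp_response->data);` at new line 339 leaves the pointer dangling, so when `mgs_cache_ocsp_response()` fails and control takes `goto fail_cleanup`, the same buffer is passed to `gnutls_free()` again at new line 368. That is a double free on the handshake path whenever the first cache fetch returned a non-empty but invalid response and the refresh then fails. Resetting the pointer right after the first free closes it: `ocsp_response->data = NULL;` (and, for consistency, `ocsp_response->size = 0;`). The function starts and ends outside the visible hunks, so whether `data` is cleared after `fail_cleanup` cannot be confirmed from here; if it is not, the caller is presumably left with a stale pointer as well.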