Changeset 70a1e5a in mod_gnutls for include


Timestamp: Jun 9, 2016, 5:08:30 PM (18 months ago)
Author: Thomas Klute <thomas2.klute@…>
Branches: master, debian, upstream
Children: 3e22b82
Parents: f450ac9
Message:

Introduce OCSP caching grace time

A cached OCSP response must be updated before it expires, or time skew
might cause a client to receive a response it considers expired. In
some corner cases even network transmission delay might have the same
effect. To prevent this problem let the response cache entry expire a
configurable grace time before the response does, so a fresh response
will be fetched.

File:
1 edited

  • include/mod_gnutls.h.in

    rc005645 r70a1e5a  
    217217     * certificate. */
    218218    gnutls_x509_trust_list_t *ocsp_trust;
     219    /* Cached OCSP responses expire this long before their validity
     220     * period expires. This way mod_gnutls does not staple barely
     221     * valid responses. */
     222    apr_time_t ocsp_grace_time;
    219223} mgs_srvconf_rec;
    220224
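Review bot: The new ocsp_grace_time field in mgs_srvconf_rec does not state its unit or which value means "not configured". It holds a duration but is declared as apr_time_t, which APR otherwise uses for absolute timestamps in microseconds; apr_interval_time_t would express the intent, and the comment should name the unit and the default. The comment should also say what happens when the grace time is as long as or longer than a response's remaining validity, because in that case the cache entry would already count as expired when it is stored.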
     
    380384                          const char *type, const char* arg);
    381385
    382 const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy,
    383                                   const char *arg);
     386const char *mgs_set_timeout(cmd_parms *parms, void *dummy, const char *arg);
    384387
    385388const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
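Review bot: The replacement prototype mgs_set_timeout(cmd_parms *parms, void *dummy, const char *arg) has no comment saying which directives it serves, and the signature has no parameter that selects the target field. If it now handles both the cache timeout and the OCSP grace time, say so above the declaration, and note how it tells them apart and in which unit arg is parsed. Since mgs_set_cache_timeout is removed from the header, confirm that no command table entry or caller outside this file still references the old name.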