- Timestamp:
- Jun 9, 2016, 5:08:30 PM (6 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 3e22b82
- Parents:
- f450ac9
- Location:
- src
- Files:
-
- 3 edited
-
src/gnutls_config.c
rf450ac9 r70a1e5a 24 24 25 25 #define INIT_CA_SIZE 128 26 /* Default OCSP response grace time in seconds */ 27 #define MGS_GRACE_TIME 60 26 28 27 29 #ifdef APLOG_USE_MODULE … … 727 729 } 728 730 729 const char *mgs_set_cache_timeout(cmd_parms * parms, void *dummy __attribute__((unused)), 730 const char *arg) { 731 int argint; 731 const char *mgs_set_timeout(cmd_parms * parms, 732 void *dummy __attribute__((unused)), 733 const char *arg) 734 { 732 735 const char *err; 733 mgs_srvconf_rec *sc = 734 (mgs_srvconf_rec *) ap_get_module_config(parms->server-> 735 module_config, 736 &gnutls_module); 737 738 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) { 739 return err; 740 } 741 742 argint = atoi(arg); 743 744 if (argint < 0) { 745 return "GnuTLSCacheTimeout: Invalid argument"; 746 } else if (argint == 0) { 747 sc->cache_timeout = 0; 748 } else { 749 sc->cache_timeout = apr_time_from_sec(argint); 750 } 736 if ((err = ap_check_cmd_context(parms, GLOBAL_ONLY))) 737 return err; 738 739 apr_int64_t argint = apr_atoi64(arg); 740 if (argint < 0) 741 return apr_psprintf(parms->pool, "%s: Invalid argument", 742 parms->directive->directive); 743 744 mgs_srvconf_rec *sc = (mgs_srvconf_rec *) 745 ap_get_module_config(parms->server->module_config, &gnutls_module); 746 747 if (!apr_strnatcasecmp(parms->directive->directive, "GnuTLSCacheTimeout")) 748 sc->cache_timeout = apr_time_from_sec(argint); 749 else if (!apr_strnatcasecmp(parms->directive->directive, 750 "GnuTLSOCSPGraceTime")) 751 sc->ocsp_grace_time = apr_time_from_sec(argint); 752 else 753 /* Can't happen unless there's a serious bug in mod_gnutls or Apache */ 754 return apr_psprintf(parms->pool, 755 "mod_gnutls: %s called for invalid option '%s'", 756 __func__, parms->directive->directive); 751 757 752 758 return NULL; … … 976 982 sc->ocsp_uri = NULL; 977 983 sc->ocsp_trust = NULL; 984 sc->ocsp_grace_time = apr_time_from_sec(MGS_GRACE_TIME); 978 985 979 986 /* this relies on GnuTLS never changing the 
gnutls_certificate_request_t enum to define -1 */ … … 1036 1043 gnutls_srvconf_assign(ocsp_uri); 1037 1044 gnutls_srvconf_assign(ocsp_trust); 1045 gnutls_srvconf_merge(ocsp_grace_time, apr_time_from_sec(MGS_GRACE_TIME)); 1038 1046 1039 1047 /* FIXME: the following items are pre-allocated, and should be -
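Review bot: In mgs_set_timeout, `apr_atoi64(arg)` accepts input that is not a clean number: a non-numeric value parses as 0 and trailing text is ignored, so a typo in GnuTLSCacheTimeout or GnuTLSOCSPGraceTime silently becomes a zero or truncated timeout instead of a configuration error. There is also no upper bound before `apr_time_from_sec(argint)`, which scales seconds to microseconds and can overflow a signed 64-bit value for very large arguments. Parsing with `apr_strtoi64` and checking the end pointer, `errno` and an upper limit closes both gaps; this needs `<errno.h>` if the file does not already pull it in. The function's closing brace lies outside the hunk.

```c
    /* … unchanged: ap_check_cmd_context() guard … */
    char *end = NULL;
    errno = 0;
    apr_int64_t argint = apr_strtoi64(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0'
        || argint < 0 || argint > APR_INT64_MAX / APR_USEC_PER_SEC)
        return apr_psprintf(parms->pool, "%s: Invalid argument",
                            parms->directive->directive);
    /* … unchanged: directive dispatch and assignment … */
```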
src/gnutls_ocsp.c
rf450ac9 r70a1e5a 396 396 if (expiry == 0) 397 397 expiry = apr_time_now() + sc->cache_timeout; 398 399 /* TODO: configurable refresh independent of expiration */ 398 /* Apply grace time otherwise. */ 399 else 400 expiry -= sc->ocsp_grace_time; 401 400 402 int r = dbm_cache_store(s, fingerprint, resp, expiry); 401 403 /* destroy pool, and original copy of the OCSP response with it */ -
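Review bot: The new `expiry -= sc->ocsp_grace_time;` has no lower bound, so a grace time equal to or longer than the response's remaining validity yields an expiry at or before the current time, or even a negative one. Whether the cache then treats the entry as already expired is decided in dbm_cache_store and the fetch path, which are not visible here, but it would likely mean a refresh on every lookup or no stapled response at all. Consider applying the grace time only when it leaves the entry valid, e.g. `else if (expiry - sc->ocsp_grace_time > apr_time_now()) expiry -= sc->ocsp_grace_time;`, and logging a warning otherwise. The enclosing function starts and ends outside the hunk.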
src/mod_gnutls.c
rf450ac9 r70a1e5a 226 226 "TLS Server SRP Parameters file"), 227 227 #endif 228 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_ cache_timeout,228 AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_timeout, 229 229 NULL, 230 230 RSRC_CONF, … … 276 276 RSRC_CONF, 277 277 "EXPERIMENTAL: OCSP response for stapling (must be updated externally)"), 278 AP_INIT_TAKE1("GnuTLSOCSPGraceTime", mgs_set_timeout, 279 NULL, 280 RSRC_CONF, 281 "EXPERIMENTAL: Replace cached OCSP responses this many seconds before " 282 "they expire"), 278 283 { NULL }, 279 284 };
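Review bot: The help text for `GnuTLSOCSPGraceTime` does not say that the directive is server-wide only or what its default is. It is registered with `mgs_set_timeout`, which rejects anything outside global context via `ap_check_cmd_context(parms, GLOBAL_ONLY)`, and src/gnutls_config.c defaults it to `MGS_GRACE_TIME` (60 seconds). I would extend the string to `"EXPERIMENTAL: Replace cached OCSP responses this many seconds before they expire (global only, default: 60)"`. The command table begins outside the hunk.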