Changeset 70a1e5a in mod_gnutls for src/mod_gnutls.c


Timestamp:
Jun 9, 2016, 5:08:30 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
3e22b82
Parents:
f450ac9
Message:

Introduce OCSP caching grace time

A cached OCSP response must be updated before it expires, or time skew
might cause a client to receive a response it considers expired. In
some corner cases even network transmission delay might have the same
effect. To prevent this problem let the response cache entry expire a
configurable grace time before the response does, so a fresh response
will be fetched.

File:
1 edited

  • src/mod_gnutls.c

    rf450ac9 r70a1e5a  
    226226    "TLS Server SRP Parameters file"),
    227227#endif
    228     AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_cache_timeout,
     228    AP_INIT_TAKE1("GnuTLSCacheTimeout", mgs_set_timeout,
    229229    NULL,
    230230    RSRC_CONF,
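Review bot: In the GnuTLSCacheTimeout entry the handler becomes the shared mgs_set_timeout while the cmd_data slot stays NULL, and the new GnuTLSOCSPGraceTime entry uses the same handler with NULL as well, so the handler has to tell the two directives apart by some other means that these hunks do not show. Please confirm that mgs_set_timeout returns a configuration error for any directive name it does not recognise instead of falling through to one of the two fields, or pass a distinguishing value in the cmd_data slot so the table itself records which setting each entry writes.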
     
    276276    RSRC_CONF,
    277277    "EXPERIMENTAL: OCSP response for stapling (must be updated externally)"),
     278    AP_INIT_TAKE1("GnuTLSOCSPGraceTime", mgs_set_timeout,
     279    NULL,
     280    RSRC_CONF,
     281    "EXPERIMENTAL: Replace cached OCSP responses this many seconds before "
     282    "they expire"),
    278283    { NULL },
    279284};
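Review bot: The help string of the new GnuTLSOCSPGraceTime entry gives the unit but neither a default nor any bound. Per the commit message the cache entry expires this many seconds before the response does, so a grace time equal to or longer than the response's remaining validity would put the cache expiry at or before the current time and could trigger a fetch on every use. Suggest stating the default in the description, and having the handler or the cache-expiry calculation reject or clamp negative values and values that exceed the response lifetime.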