Changeset 8982265 in mod_gnutls for src/gnutls_ocsp.c


Timestamp:
Apr 16, 2018, 8:43:01 PM (3 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports
Children:
85c5a22
Parents:
300ae82 (diff), f4ac9ccd (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge tag 'upstream/0.8.4' into debian/master

Upstream version 0.8.4

File:
1 edited

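--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -1,4 +1,4 @@
 /*
- *  Copyright 2016 Thomas Klute
+ *  Copyright 2016 Fiona Klute
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -737,10 +737,12 @@
 
 
-int mgs_get_ocsp_response(gnutls_session_t session __attribute__((unused)),
-                          void *ptr,
+int mgs_get_ocsp_response(gnutls_session_t session,
+                          void *ptr __attribute__((unused)),
                           gnutls_datum_t *ocsp_response)
 {
-    mgs_handle_t *ctxt = (mgs_handle_t *) ptr;
-    if (!ctxt->sc->ocsp_staple || ctxt->sc->cache == NULL)
+    mgs_handle_t *ctxt = gnutls_session_get_ptr(session);
+    mgs_srvconf_rec *sc = ctxt->sc;
+
+    if (!sc->ocsp_staple || sc->cache == NULL)
     {
         /* OCSP must be enabled and caching requires a cache. */
@@ -748,6 +750,6 @@
     }
 
-    *ocsp_response = ctxt->sc->cache->fetch(ctxt,
-                                            ctxt->sc->ocsp->fingerprint);
+    *ocsp_response = sc->cache->fetch(ctxt,
+                                      sc->ocsp->fingerprint);
     if (ocsp_response->size == 0)
     {
@@ -775,19 +777,19 @@
                   "No valid OCSP response in cache, trying to update.");
 
-    apr_status_t rv = apr_global_mutex_trylock(ctxt->sc->ocsp_mutex);
+    apr_status_t rv = apr_global_mutex_trylock(sc->ocsp_mutex);
     if (APR_STATUS_IS_EBUSY(rv))
     {
         /* Another thread is currently holding the mutex, wait. */
-        apr_global_mutex_lock(ctxt->sc->ocsp_mutex);
+        apr_global_mutex_lock(sc->ocsp_mutex);
         /* Check if this other thread updated the response we need. It
          * would be better to have a vhost specific mutex, but at the
          * moment there's no good way to integrate that with the
          * Apache Mutex directive. */
-        *ocsp_response = ctxt->sc->cache->fetch(ctxt,
-                                                ctxt->sc->ocsp->fingerprint);
+        *ocsp_response = sc->cache->fetch(ctxt,
+                                          sc->ocsp->fingerprint);
         if (ocsp_response->size > 0)
         {
             /* Got a valid response now, unlock mutex and return. */
-            apr_global_mutex_unlock(ctxt->sc->ocsp_mutex);
+            apr_global_mutex_unlock(sc->ocsp_mutex);
             return GNUTLS_E_SUCCESS;
         }
@@ -806,12 +808,12 @@
         /* cache failure to rate limit retries */
         mgs_cache_ocsp_failure(ctxt->c->base_server);
-        apr_global_mutex_unlock(ctxt->sc->ocsp_mutex);
+        apr_global_mutex_unlock(sc->ocsp_mutex);
         goto fail_cleanup;
     }
-    apr_global_mutex_unlock(ctxt->sc->ocsp_mutex);
+    apr_global_mutex_unlock(sc->ocsp_mutex);
 
     /* retry reading from cache */
-    *ocsp_response = ctxt->sc->cache->fetch(ctxt,
-                                            ctxt->sc->ocsp->fingerprint);
+    *ocsp_response = sc->cache->fetch(ctxt,
+                                      sc->ocsp->fingerprint);
     if (ocsp_response->size == 0)
     {
@@ -976,4 +978,9 @@
                               apr_pool_cleanup_null);
 
+    /* enable status request callback */
+    gnutls_certificate_set_ocsp_status_request_function(sc->certs,
+                                                        mgs_get_ocsp_response,
+                                                        sc);
+
     return OK;
 }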
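Review bot: In `mgs_get_ocsp_response` (new lines 743–744) the result of `gnutls_session_get_ptr(session)` is dereferenced as `ctxt->sc` with no NULL check, so the callback now relies on the session pointer having been set before the handshake reaches the status-request callback; where that happens is not visible in this diff. A guard before the `sc` assignment, e.g. `if (ctxt == NULL) return GNUTLS_E_NO_CERTIFICATE_STATUS;`, would make a missing pointer mean "no stapled response" rather than a NULL dereference in the worker. The registration at new lines 981–983 still passes `sc` as the callback's user pointer although `ptr` is now marked unused; passing `NULL` there, or a comment such as `/* ptr is ignored: the vhost config is taken from the session */`, would keep the two ends consistent. The function body continues beyond the lines shown in these hunks.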