Changeset a467635 in mod_gnutls
- Timestamp:
- Apr 19, 2018, 2:44:26 PM (3 years ago)
- Branches:
- asyncio, debian/master, master, proxy-ticket
- Children:
- 0cdfb19
- Parents:
- 506e64a
- File:
-
- 1 edited
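--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -20,4 +20,5 @@
 #include "gnutls_config.h"
 #include "gnutls_util.h"
+#include "gnutls_watchdog.h"
 
 #include <apr_escape.h>
@@ -25,4 +26,5 @@
 #include <apr_time.h>
 #include <gnutls/ocsp.h>
+#include <mod_watchdog.h>
 #include <time.h>
 
@@ -923,4 +925,54 @@
 
 
+/**
+* Perform an asynchronous OCSP cache update. This is a callback for
+* mod_watchdog, so the API is fixed.
+*
+* @param state watchdog state (starting/running/stopping)
+* @param data callback data, contains the server_rec
+* @param pool temporary callback pool destroyed after the call
+* @return always `APR_SUCCESS` as required by the mod_watchdog API to
+* indicate that the callback should be called again
+*/
+static apr_status_t mgs_async_ocsp_update(int state,
+void *data,
+apr_pool_t *pool __attribute__((unused)))
+{
+/* If the server is stopping there's no need to do an OCSP
+* update. */
+if (state == AP_WATCHDOG_STATE_STOPPING)
+return APR_SUCCESS;
+
+server_rec *s = (server_rec *) data;
+mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
+ap_get_module_config(s->module_config, &gnutls_module);
+apr_time_t expiry = 0;
+
+/* Callbacks registered to one watchdog instance are run
+* sequentially. Child watchdog threads are created in a
+* child_init hook, but it doesn't guarantee when callbacks will
+* be called for the first time.
+*
+* Using the mutex should help avoiding duplicate OCSP requests
+* (async and during request handling) if requests arrive before
+* the startup run completes. However, an early request might
+* still get in between initial OCSP caching calls. */
+if (state == AP_WATCHDOG_STATE_STARTING)
+apr_global_mutex_lock(sc->ocsp_mutex);
+apr_status_t rv = mgs_cache_ocsp_response(s, &expiry);
+if (state == AP_WATCHDOG_STATE_STARTING)
+apr_global_mutex_unlock(sc->ocsp_mutex);
+
+/* TODO: error handling, fuzzy interval */
+
+ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, s,
+"Async OCSP update done for %s:%d.",
+s->server_hostname, s->addrs->host_port);
+
+return APR_SUCCESS;
+}
+
+
+
 /*
 * Like in the general post_config hook the HTTP status codes for
@@ -998,4 +1050,24 @@
 sc);
 
+/* The watchdog structure may be NULL if mod_watchdog is
+* unavailable. */
+if (sc->singleton_wd != NULL)
+{
+apr_status_t rv =
+sc->singleton_wd->register_callback(sc->singleton_wd->wd,
+sc->ocsp_cache_time,
+server, mgs_async_ocsp_update);
+if (rv == APR_SUCCESS)
+ap_log_error(APLOG_MARK, APLOG_INFO, rv, server,
+"Enabled async OCSP update via watchdog "
+"for %s:%d",
+server->server_hostname, server->addrs->host_port);
+else
+ap_log_error(APLOG_MARK, APLOG_WARNING, rv, server,
+"Enabling async OCSP update via watchdog "
+"for %s:%d failed!",
+server->server_hostname, server->addrs->host_port);
+}
+
 return OK;
 }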
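Review bot: In `mgs_async_ocsp_update` a failed `mgs_cache_ocsp_response()` is reported only at `APLOG_DEBUG` with the text "Async OCSP update done", so at normal log levels an operator cannot tell that the stapled response is no longer being refreshed. Until the TODO is resolved, I would branch on the result and raise the level on failure, e.g. `if (rv != APR_SUCCESS) ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, "Async OCSP update failed for %s:%d", s->server_hostname, s->addrs->host_port);`. The return value of `apr_global_mutex_lock(sc->ocsp_mutex)` in the starting state is also ignored, so a failed lock would go unnoticed and the later unlock would act on a mutex that is not held. `expiry` is filled in but never read, and the callback interval stays fixed at `sc->ocsp_cache_time`; whether that always fires before the cached response expires is not visible from this section.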