Changeset d6834e0 in mod_gnutls for src/gnutls_config.c

Timestamp:

Jun 10, 2016, 9:34:08 AM (4 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, master, proxy-ticket, upstream

Children:

15b22cb

Parents:

aa68232

git-author:

Thomas Klute <thomas2.klute@…> (06/10/16 09:29:57)

git-committer:

Thomas Klute <thomas2.klute@…> (06/10/16 09:34:08)

Message:

OCSP refresh mutex: Prevent parallel requests

Add a global mutex which a thread must hold before updating a cached
OCSP response. This avoids two threads updating the same response in
parallel. The impact of parallel updates may be small with the
experimental file-based mechanism, but an extra OCSP request over HTTP
would add a lot of overhead.

Note that the new 'gnutls-ocsp' mutex is a global mutex, not one per
virtual host, because a mutex must be registered in pre_config for the
Mutex directive to work.

File:

• src/gnutls_config.c (modified) (1 diff)

src/gnutls_config.c

@@ -981 +981 @@
     sc->ocsp_response_file = NULL;
     sc->ocsp_uri = NULL;
+    sc->ocsp_mutex = NULL;
     sc->ocsp_trust = NULL;
     sc->ocsp_grace_time = apr_time_from_sec(MGS_GRACE_TIME);