Changeset e1c094c in mod_gnutls for src/gnutls_ocsp.c
- Timestamp:
- Nov 14, 2016, 2:12:53 PM (4 years ago)
- Branches:
- asyncio, debian/master, debian/stretch-backports, master, proxy-ticket, upstream
- Children:
- 9a18e30
- Parents:
- b26a792
- File:
-
- 1 edited
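--- a/src/gnutls_ocsp.c
+++ b/src/gnutls_ocsp.c
@@ -663,6 +663,6 @@
 }
 
-apr_time_t expiry;
-if (check_ocsp_response(s, &resp, & expiry, nonce.size ? &nonce : NULL)
+apr_time_t next_update;
+if (check_ocsp_response(s, &resp, &next_update, nonce.size ? &nonce : NULL)
 != GNUTLS_E_SUCCESS)
 {
@@ -676,11 +676,18 @@
 gnutls_free(nonce.data);
 
-/* If expiry is zero, the response does not contain a nextUpdate
-* field. Use the default cache timeout. */
-if (expiry == 0)
-expiry = apr_time_now() + sc->cache_timeout;
-/* Apply grace time otherwise. */
-else
-expiry -= sc->ocsp_grace_time;
+apr_time_t expiry = apr_time_now() + sc->ocsp_cache_time;
+/* Make sure that a response is not cached beyond its nextUpdate
+* time. If the variable next_update is zero, the response does
+* not contain a nextUpdate field. */
+if (next_update != 0 && next_update < expiry)
+{
+char date_str[APR_RFC822_DATE_LEN];
+apr_rfc822_date(date_str, next_update);
+ap_log_error(APLOG_MARK, APLOG_WARNING, APR_EGENERAL, s,
+"OCSP response timeout restricted to nextUpdate time %s. "
+"Check if GnuTLSOCSPCacheTimeout is appropriate.",
+date_str);
+expiry = next_update;
+}
 
 int r = sc->cache->store(s, sc->ocsp->fingerprint, resp, expiry);
@@ -924,6 +931,6 @@
 if (sc->ocsp_check_nonce == GNUTLS_ENABLED_UNSET)
 sc->ocsp_check_nonce = GNUTLS_ENABLED_TRUE;
-if (sc->ocsp_ grace_time == MGS_TIMEOUT_UNSET)
-sc->ocsp_ grace_time = apr_time_from_sec(MGS_OCSP_GRACE_TIME);
+if (sc->ocsp_cache_time == MGS_TIMEOUT_UNSET)
+sc->ocsp_cache_time = apr_time_from_sec(MGS_OCSP_CACHE_TIMEOUT);
 if (sc->ocsp_failure_timeout == MGS_TIMEOUT_UNSET)
 sc->ocsp_failure_timeout = apr_time_from_sec(MGS_OCSP_FAILURE_TIMEOUT);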
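Review bot: `expiry = next_update;` keeps the cached response valid right up to the instant of nextUpdate, with no margin for client clock skew or for a refresh that fails at the last moment; the removed branch subtracted a grace time for exactly that case. If the margin is now provided by a refresh scheduled elsewhere (not visible here), a comment at this line should say so, e.g. `/* No safety margin here: the entry stays valid until nextUpdate itself. */`. Separately, when `next_update` is zero the response is cached for the full `sc->ocsp_cache_time`, which the comment should state, since a response without nextUpdate makes no freshness promise. The enclosing function starts and ends outside the visible hunks.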