char *ocsp;
char *issuer;
char *sctl;
+ int ocsp_update_mode;
};
/*
int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp);
+int ocsp_update_init(void *value, char *buf, struct ckch_data *d, char **err);
#endif /* (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) */
};
/* bind ocsp update mode */
-enum {
- SSL_SOCK_OCSP_UPDATE_DFLT = 0,
- SSL_SOCK_OCSP_UPDATE_OFF = 1,
- SSL_SOCK_OCSP_UPDATE_ON = 2,
-};
+#define SSL_SOCK_OCSP_UPDATE_OFF -1
+#define SSL_SOCK_OCSP_UPDATE_DFLT 0
+#define SSL_SOCK_OCSP_UPDATE_ON 1
/* states of the CLI IO handler for 'set ssl cert' */
enum {
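Review bot: The new `#define SSL_SOCK_OCSP_UPDATE_OFF -1` expands to an unparenthesized negative literal; write it as `#define SSL_SOCK_OCSP_UPDATE_OFF (-1)` so it stays a single operand wherever it is used. The renumbering (OFF 1 to -1, ON 2 to 1) also changes behaviour for any code outside this hunk that still stores or compares the mode as a raw integer or tests it for truthiness, since OFF is still non-zero but ON now holds the value OFF used to have. The values appear to be chosen to match what the `PARSE_TYPE_ONOFF` parser writes into `ocsp_update_mode`, with 0 left as "not configured", but the comment does not say so. I would extend it to `/* bind ocsp update mode; ON/OFF must match the values stored by PARSE_TYPE_ONOFF, 0 (DFLT) means not set */`.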
{ "ocsp", offsetof(struct ckch_conf, ocsp), PARSE_TYPE_STR, ckch_conf_load_ocsp_response, ¤t_crtbase },
{ "issuer", offsetof(struct ckch_conf, issuer), PARSE_TYPE_STR, ckch_conf_load_ocsp_issuer, ¤t_crtbase },
{ "sctl", offsetof(struct ckch_conf, sctl), PARSE_TYPE_STR, ckch_conf_load_sctl, ¤t_crtbase },
+ { "ocsp-update", offsetof(struct ckch_conf, ocsp_update_mode), PARSE_TYPE_ONOFF, ocsp_update_init, NULL },
{ NULL, -1, PARSE_TYPE_STR, NULL, NULL }
};
return 0;
}
+int ocsp_update_init(void *value, char *buf, struct ckch_data *d, char **err)
+{
+ int ocsp_update_mode = *(int *)value;
+ int ret = 0;
+
+ if (ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON) {
+ /* We might need to create the main ocsp update task */
+ ret = ssl_create_ocsp_update_task(err);
+ }
+
+ return ret;
+}
+
static struct cli_kw_list cli_kws = {{ },{
{ { "set", "ssl", "ocsp-response", NULL }, "set ssl ocsp-response <resp|payload> : update a certificate's OCSP Response from a base64-encode DER", cli_parse_set_ocspresponse, NULL },
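Review bot: `ocsp_update_init()` creates the update task only when the per-certificate mode is explicitly ON, yet the `enable_auto_update` expression later in this patch also turns updates on when the mode is DFLT and `global_ssl.ocsp_update.mode` is ON. If the task is not created elsewhere for that global case (not visible here), certificates would be registered for updates that never run and the stapled OCSP response would go stale without any error. Separately, `value` is dereferenced through `*(int *)value` with no NULL check, and `buf` and `d` are unused, so the callback contract should be written down above the function. For example: `/* "ocsp-update" ckch_conf callback: <value> points to the parsed int mode; returns 0 when the mode is not ON, else the result of ssl_create_ocsp_update_task(), which may fill <err> */`.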
char *err = NULL;
size_t path_len;
int inc_refcount_store = 0;
- int enable_auto_update = 0;
+ int enable_auto_update = (store->conf.ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_ON) ||
+ (store->conf.ocsp_update_mode == SSL_SOCK_OCSP_UPDATE_DFLT &&
+ global_ssl.ocsp_update.mode == SSL_SOCK_OCSP_UPDATE_ON);
x = data->cert;
if (!x)