From: Vladimír Čunát
Date: Thu, 18 Apr 2019 15:01:12 +0000 (+0200)
Subject: modules/http: fix too early renewal of ephemeral certificates
X-Git-Tag: v4.0.0~2^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c657e6242d071ed7d9cd3b2ed16153c7ff62e69b;p=thirdparty%2Fknot-resolver.git
modules/http: fix too early renewal of ephemeral certificates
---
diff --git a/NEWS b/NEWS
index 0f2d2c305..1d8651007 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ Bugfixes
 - fix fallback when SERVFAIL or REFUSED is received from upstream (!784)
 - fix crash when dealing with unknown TA key algorhitm (#449)
 - go insecure due to algorithm support even if DNSKEY is NODATA (!798)
+- http module: fix too early renewal of ephemeral certificates (!808)

 Module API changes
 ------------------
diff --git a/modules/http/http.lua.in b/modules/http/http.lua.in
index 4534ab2ac..e858e89d2 100644
--- a/modules/http/http.lua.in
+++ b/modules/http/http.lua.in
@@ -396,7 +396,7 @@ local function add_socket(fd, kind, addr_str)
 -- Create certificate renewal timer if ephemeral
 if crt and conf.ephemeral then
 local _, expiry = crt:getLifetime()
- expiry = math.max(0, expiry - (os.time() - 3 * 24 * 3600))
+ expiry = 1000 * math.max(0, expiry - (os.time() - 3 * 24 * 3600))
 event.after(expiry, function ()
 log('[http] refreshed ephemeral certificate')
 crt, key = updatecert(conf.cert, conf.key)
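Review bot: In the changed line of add_socket the subtraction is parenthesised as `expiry - (os.time() - 3 * 24 * 3600)`, which works out to the time remaining until expiry plus three days, so the renewal timer appears to fire three days after the ephemeral certificate has expired rather than before, and the listener would keep presenting an expired certificate in between. If the intent is to renew three days ahead of expiry, the line would read `expiry = 1000 * math.max(0, expiry - os.time() - 3 * 24 * 3600)`. Assuming event.after() takes milliseconds, as the new factor of 1000 implies, a comment such as `-- event.after() expects milliseconds; renew 3 days before expiry` would keep the unit conversion from regressing. The body of add_socket continues outside the hunk, so whether the timer is re-armed after a renewal cannot be checked from here.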