]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ca0c84a) | patch
BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Thu, 2 Mar 2023 14:49:53 +0000 (15:49 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 2 Mar 2023 14:57:56 +0000 (15:57 +0100)
commit86d1e0b163f8502834de821ff3e6f20e4fb224d7
tree45fbad6c468ce4b151fa840facdc0d8b1c148439tree | snapshot
parentca0c84a50906105cfff23dcdd2e33a9a669c4e24commit | diff
BUG/MINOR: ssl: Fix ocsp-update when using "add ssl crt-list"

When adding a new certificate through the CLI and appending it to a
crt-list with the 'ocsp-update' option set, the new certificate would
not be added to the OCSP response update list.
The only thing that was missing was the copy of the ocsp_update mode
from the ssl_bind_conf into the ckch_store's object.
An extra wakeup of the update task also needed to happen in case the
newly inserted entry needs to be updated before the next wakeup of the
task.

This patch does not need to be backported.
include/haproxy/ssl_ocsp-t.h diff | blob | blame | history
reg-tests/ssl/ocsp_auto_update.vtc diff | blob | blame | history
src/ssl_crtlist.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git