MINOR: ssl: Do not wake ocsp update task if update tree empty

In the unlikely event that the ocsp update task is started but the
update tree is empty, put the update task to sleep indefinitely.
The only way this can happen is if the same certificate is loaded under
two different names while the second one has the 'ocsp-update on'
option. Since the certificate names are distinct we will have two
ckch_stores but a single certificate_ocsp because they are identified by
the OCSP_CERTID which is built out of the issuer certificate and the
certificate id (which are the same regardless of the .pem file name).

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 53afaae8685502440732a21f1e61aadd654e3157..8f0e5ffcc1a24de2d16b04f4e0db01bd0ac007ad 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1040,7 +1040,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
                eb = eb64_first(&ocsp_update_tree);
                if (!eb) {
                        HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
-                       goto leave;
+                       goto wait;
                }
 
                if (eb->key > now.tv_sec) {