MINOR: ssl: Reinsert ocsp update entries later in case of unknown error

In case of allocation error during the construction of an OCSP request
for instance, we would have ended reinserting the ocsp entry at the same
place in the ocsp update tree which could potentially lead to an
"endless" loop of errors in ssl_ocsp_update_responses. In such a case,
entries are now reinserted further in the tree (1 minute later) in order
to avoid such a chain of alloc failure.

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index ef624b0733d827b9e84cad6bf47b5d19c0595bd2..f23531aa7e9ee82feda7118391a8b19c8b65b8db 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1150,7 +1150,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
 leave:
        if (ctx->cur_ocsp) {
                /* Something went wrong, reinsert the entry in the tree. */
-               ssl_ocsp_update_insert(ctx->cur_ocsp);
+               ssl_ocsp_update_insert_after_error(ctx->cur_ocsp);
                /* Release the reference kept on the updated ocsp response. */
                ssl_sock_free_ocsp(ctx->cur_ocsp);
                ctx->cur_ocsp = NULL;