BUG/MINOR: ssl: OCSP minimum update threshold not properly set

An arbitrary 5 minutes minimum interval between two updates of the same
OCSP response is defined but it was not properly used when inserting
entries in the update tree.

This patch does not need to be backported.

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 017f018373609a8142ae2ae157f373ed6e5a45ac..53afaae8685502440732a21f1e61aadd654e3157 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -869,7 +869,8 @@ int ssl_ocsp_update_insert(struct certificate_ocsp *ocsp)
         * updated more than once every 5 minutes in order to avoid continuous
         * update of the same response. */
        if (b_data(&ocsp->response))
-               ocsp->next_update.key = MAX(ocsp->next_update.key, SSL_OCSP_UPDATE_DELAY_MIN);
+               ocsp->next_update.key = MAX(ocsp->next_update.key,
+                                            now.tv_sec + SSL_OCSP_UPDATE_DELAY_MIN);
 
        HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
        eb64_insert(&ocsp_update_tree, &ocsp->next_update);