From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Mon, 17 Jun 2019 14:58:49 +0000 (+0200)
Subject: modules/http ephemeral cert: update before expiration
X-Git-Tag: v4.1.0~20^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b3164303c6a376063ffb78c997320d00f9cdab4;p=thirdparty%2Fknot-resolver.git

modules/http ephemeral cert: update before expiration

Instead of three days after.  This bug was not introduced by the recent
commits moving the code.
---

diff --git a/modules/http/http_tls_cert.lua b/modules/http/http_tls_cert.lua
index ea9dd3159..ee427018d 100644
--- a/modules/http/http_tls_cert.lua
+++ b/modules/http/http_tls_cert.lua
@@ -71,8 +71,8 @@ function tls_cert.ephemeral_state_maintain(ephem_state, certfile, keyfile)
 		s.config.ctx = ephem_state.ctx -- not required, but let's keep it synchonized
 	end
 	log('[http] created new ephemeral TLS certificate')
-	local _, lifetime_sec = certs[1]:getLifetime()
-	local wait_msec = 1000 * math.max(1, lifetime_sec - (os.time() - 3 * 24 * 3600))
+	local _, expiry_stamp = certs[1]:getLifetime()
+	local wait_msec = 1000 * math.max(1, expiry_stamp - os.time() - 3 * 24 * 3600)
 	if not ephem_state.timer_id then
 		ephem_state.timer_id = event.after(wait_msec, function ()
 			tls_cert.ephemeral_state_maintain(ephem_state, certfile, keyfile)