]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8d49253) | patch
MINOR: ssl: Add a lock to the OCSP response tree
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 20 Dec 2022 10:11:02 +0000 (11:11 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Wed, 21 Dec 2022 10:21:07 +0000 (11:21 +0100)
commit2b96364b359bcddaf65512dcaa8229281f1612d8
tree087484e9853eaae8f26ae3e0b8903baa6bc25f6atree
parent8d49253588e89108fe9dac5e3b231fcd85784b6ccommit | diff
MINOR: ssl: Add a lock to the OCSP response tree

The tree that contains OCSP responses is never locked despite being used
at runtime for OCSP stapling as well as the CLI through "set ssl cert"
and "set ssl ocsp-response" commands.
Everything works though because the certificate_ocsp structure is
refcounted and the tree's entries are cleaned up when SSL_CTXs are
destroyed (thanks to an ex_data entry in which the certificate_ocsp
pointer is stored).
This new lock will come to use when the OCSP auto update mechanism is
fully implemented because this new feature will be based on another tree
that stores the same certificate_ocsp members and updates their contents
periodically.
include/haproxy/thread.h diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
src/thread.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git