BUG/MINOR: ssl: OCSP minimum update threshold not properly set An arbitrary 5 minutes minimum interval between two updates of the same OCSP response is defined but it was not properly used when inserting entries in the update tree. This patch does not need to be backported.

commit: bdd84c5ffb66a772a1713668889f25ce9d3a29d0 [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Thu Jan 12 09:49:08 2023 +0100
committer: William Lallemand <wlallemand@haproxy.org> Thu Jan 12 13:13:45 2023 +0100
tree: c88bb4a7ffcbf3de4359f68b48916b6e298faeb9
parent: 145b17fd2f6857e45ca184419f29f41343446fc5 [diff] [blame]
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 017f018..53afaae 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c

@@ -869,7 +869,8 @@
 	 * updated more than once every 5 minutes in order to avoid continuous
 	 * update of the same response. */
 	if (b_data(&ocsp->response))
-		ocsp->next_update.key = MAX(ocsp->next_update.key, SSL_OCSP_UPDATE_DELAY_MIN);
+		ocsp->next_update.key = MAX(ocsp->next_update.key,
+                                            now.tv_sec + SSL_OCSP_UPDATE_DELAY_MIN);
 
 	HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
 	eb64_insert(&ocsp_update_tree, &ocsp->next_update);
commit	bdd84c5ffb66a772a1713668889f25ce9d3a29d0	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Thu Jan 12 09:49:08 2023 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Thu Jan 12 13:13:45 2023 +0100
tree	c88bb4a7ffcbf3de4359f68b48916b6e298faeb9
parent	145b17fd2f6857e45ca184419f29f41343446fc5 [diff] [blame]