diff options
author | Remi Tricot-Le Breton <rlebreton@haproxy.com> | 2023-03-02 15:49:55 +0100 |
---|---|---|
committer | William Lallemand <wlallemand@haproxy.org> | 2023-03-02 15:57:56 +0100 |
commit | 8c20a74c90964b7bd76144fe8dbde15f227d9a04 (patch) | |
tree | 2dfb415ec15e24072391ec09a8143d1cd44e322a | |
parent | 56ab607c409dbc6f169b1066328a557c1729ea57 (diff) | |
download | haproxy-20230302-ocsp-test-3.tar.gz |
BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback20230302-ocsp-test-3
In the OCSP response callback, instead of using the actual date of the
system, the scheduler's 'now' timer is used when checking a response's
validity.
This patch can be backported to all stable versions.
-rw-r--r-- | src/ssl_ocsp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index 9ad81b28e..9e507997c 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -160,7 +160,7 @@ int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg) if (!ocsp || !ocsp->response.area || !ocsp->response.data || - (ocsp->expire < now.tv_sec)) + (ocsp->expire < date.tv_sec)) return SSL_TLSEXT_ERR_NOACK; ssl_buf = OPENSSL_malloc(ocsp->response.data); |