authorRemi Tricot-Le Breton <rlebreton@haproxy.com>2023-02-28 17:46:20 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>2023-03-02 15:37:11 +0100
commit9e94df3e5532120538f77cf628feb0e559f1744b (patch)
treef34e3a9e716c8df93c28381d179718657aa3e282
parent6de7b78c9f92b3bac00e8fc678077aa6aa440876 (diff)
MINOR: ssl: Add ocsp update success/failure counters
Those counters will be used for debugging purposes and will be dumped via a cli command.
-rw-r--r--include/haproxy/ssl_ocsp-t.h5
-rw-r--r--src/ssl_ocsp.c8
2 files changed, 12 insertions, 1 deletions
diff --git a/include/haproxy/ssl_ocsp-t.h b/include/haproxy/ssl_ocsp-t.h
index e591b499b..0cb5b244a 100644
--- a/include/haproxy/ssl_ocsp-t.h
+++ b/include/haproxy/ssl_ocsp-t.h
@@ -49,6 +49,11 @@ struct certificate_ocsp {
STACK_OF(X509) *chain;
struct eb64_node next_update; /* Key of items inserted in ocsp_update_tree (sorted by absolute date) */
struct buffer *uri; /* First OCSP URI contained in the corresponding certificate */
+
+ /* OCSP update stats */
+ u64 last_update; /* Time of last successful update */
+ unsigned int num_success; /* Number of successful updates */
+ unsigned int num_failure; /* Number of failed updates */
};
struct ocsp_cbk_arg {
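Review bot: The comment on `last_update` does not say which clock or unit the value uses, nor what the field holds before the first successful update. The only assignment visible in this commit is `ocsp->last_update = now.tv_sec;`, so the comment could read `/* Time of last successful update, in seconds (now.tv_sec); 0 if none yet */`. The "0 if none yet" part assumes `struct certificate_ocsp` is zero-allocated; nothing in this commit initializes the three new fields, and the allocation site is not shown, so that is worth confirming. An operator using these stats to judge whether a stapled response is stale needs to tell "never updated" apart from a real timestamp. The opening lines of the struct are outside this hunk.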
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index f23531aa7..d29baf188 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1043,6 +1043,9 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
ctx->flags &= ~HC_F_RES_END;
+ ++ocsp->num_success;
+ ocsp->last_update = now.tv_sec;
+
/* Reinsert the entry into the update list so that it can be updated later */
ssl_ocsp_update_insert(ocsp);
/* Release the reference kept on the updated ocsp response. */
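Review bot: `ocsp->last_update = now.tv_sec;` records HAProxy's internal `now` clock, which as far as I know is an internally adjusted date and not guaranteed to equal the system wall-clock time held in `date`. Since this field is meant to be dumped to operators as the time of the last successful OCSP refresh, `ocsp->last_update = date.tv_sec;` looks like the safer choice; please confirm against how the CLI command will format it. The body of ssl_ocsp_update_responses starts and ends outside this hunk.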
@@ -1150,6 +1153,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
leave:
if (ctx->cur_ocsp) {
/* Something went wrong, reinsert the entry in the tree. */
+ ++ctx->cur_ocsp->num_failure;
ssl_ocsp_update_insert_after_error(ctx->cur_ocsp);
/* Release the reference kept on the updated ocsp response. */
ssl_sock_free_ocsp(ctx->cur_ocsp);
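Review bot: `++ctx->cur_ocsp->num_failure;` is a plain read-modify-write on an object that is shared by reference, and no lock is visible around it in this hunk; the same holds for `++ocsp->num_failure;` under `http_error:` and for `++ocsp->num_success;` on the success path. If the CLI command that dumps these counters can run on a different thread than the update task, its reads race with these writes, and the `u64 last_update` could tear on 32-bit builds. Either state on the struct fields that they are best-effort debug values, or use the project's atomic helpers, e.g. `HA_ATOMIC_INC(&ctx->cur_ocsp->num_failure);`. It is also worth checking that one attempt cannot pass through both `leave:` and `http_error:`, which would count a single failure twice; the code between the two labels is not shown here.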
@@ -1170,8 +1174,10 @@ wait:
http_error:
/* Reinsert certificate into update list so that it can be updated later */
- if (ocsp)
+ if (ocsp) {
+ ++ocsp->num_failure;
ssl_ocsp_update_insert_after_error(ocsp);
+ }
if (hc)
httpclient_stop_and_destroy(hc);