authorShreyas Kalyan <shreyas.kalyan@10gen.com>2020-07-14 21:46:54 -0700
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-07-15 15:35:50 +0000
commit35b5c8a5054456fb80b8ef3001557e6d16a84867 (patch)
tree2f50eede2d6d2cab127e4306641f97d893a695e4
parente4ad46c0fab6ce2b633f212db65ab5479c4c191e (diff)
downloadmongo-35b5c8a5054456fb80b8ef3001557e6d16a84867.tar.gz
SERVER-49511 Enable support for no nextUpdate field
-rw-r--r--src/mongo/util/net/ssl_manager_openssl.cpp18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index 00a30700712..64dab594ecc 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -744,9 +744,9 @@ Future<UniqueOCSPResponse> retrieveOCSPResponse(const std::string& host,
* and returns a set of Certificate IDs that are there in the response and a date object
* which represents the time when the Response needs to be refreshed.
*/
-StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* basicResp,
- STACK_OF(X509) * intermediateCerts) {
- Date_t earliestNextUpdate = Date_t::max();
+StatusWith<std::pair<OCSPCertIDSet, boost::optional<Date_t>>> iterateResponse(
+ OCSP_BASICRESP* basicResp, STACK_OF(X509) * intermediateCerts) {
+ boost::optional<Date_t> earliestNextUpdate = boost::none;
OCSPCertIDSet certIdsInResponse;
@@ -776,8 +776,12 @@ StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* bas
<< "Unexpected OCSP Certificate Status. Reason: " << status);
}
- Date_t nextUpdateDate(convertASN1ToMillis(static_cast<ASN1_TIME*>(nextupd)));
- earliestNextUpdate = std::min(earliestNextUpdate, nextUpdateDate);
+ if (nextupd) {
+ Date_t nextUpdateDate(convertASN1ToMillis(static_cast<ASN1_TIME*>(nextupd)));
+ earliestNextUpdate = earliestNextUpdate
+ ? boost::optional<Date_t>(std::min(earliestNextUpdate.get(), nextUpdateDate))
+ : boost::optional<Date_t>(nextUpdateDate);
+ }
}
if (earliestNextUpdate < Date_t::now()) {
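Review bot: The unchanged check `if (earliestNextUpdate < Date_t::now()) {` on the last line of this hunk now compares a `boost::optional<Date_t>` with a `Date_t`, and boost::optional orders an empty value before any engaged one. If no single response carries nextUpdate, `earliestNextUpdate` stays `boost::none` and this branch is taken. The branch body is outside the hunk, but if it is the expiry rejection, the very case this commit is meant to accept is still refused. Make the intent explicit with `if (earliestNextUpdate && *earliestNextUpdate < Date_t::now()) {`. Since the ordering rule is easy to misread in a certificate-validation path, a short comment stating that a missing nextUpdate is deliberately not treated as expired would also help.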
@@ -792,7 +796,7 @@ StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* bas
* the IDs of the certificates that the OCSP Response contains. The Date_t object is the
* earliest expiration date on the OCSPResponse.
*/
-StatusWith<std::pair<OCSPCertIDSet, Date_t>> parseAndValidateOCSPResponse(
+StatusWith<std::pair<OCSPCertIDSet, boost::optional<Date_t>>> parseAndValidateOCSPResponse(
SSL_CTX* context, OCSP_RESPONSE* response, STACK_OF(X509) * intermediateCerts) {
// Read the overall status of the OCSP response
int responseStatus = OCSP_response_status(response);
@@ -889,7 +893,7 @@ Future<OCSPFetchResponse> dispatchRequests(SSL_CTX* context,
// If not, we pass down a bogus response, and let the caller deal with it down
// there.
boost::optional<Date_t> nextUpdate = swCertIDSetAndDuration.isOK()
- ? boost::optional<Date_t>(swCertIDSetAndDuration.getValue().second)
+ ? swCertIDSetAndDuration.getValue().second
: boost::none;
if (state->finishLine.arriveStrongly()) {
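Review bot: After this change `nextUpdate` is `boost::none` in two different situations: when validation failed, and when a valid response simply has no nextUpdate, because `.second` can now be empty on the OK path. Code after this hunk that reads `nextUpdate` cannot tell the two apart from the optional alone, so it should decide validity from `swCertIDSetAndDuration.isOK()`. An empty value on the OK path should be treated as "no stated expiry" with a bounded refresh interval, so that a response without nextUpdate is not cached or stapled indefinitely. The existing comment could be extended with `// boost::none means either a failed validation or a valid response without nextUpdate.` The enclosing block continues outside the hunk, so the downstream handling is not visible here.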