authorShreyas Kalyan <shreyas.kalyan@10gen.com>2020-07-14 21:46:54 -0700
committerShreyas Kalyan <shreyas.kalyan@10gen.com>2020-07-15 14:50:16 -0700
commit072a454d3554cbbd9dea55c4aa42f22b30d6ada6 (patch)
tree4934e58b64d94d16798ec1539e5fdeda0bdeffce /src
parentadc7a7c440481d303f8c5270de2807c1135921c3 (diff)
downloadmongo-072a454d3554cbbd9dea55c4aa42f22b30d6ada6.tar.gz
SERVER-49511 Enable support for no nextUpdate field
(cherry picked from commit 35b5c8a5054456fb80b8ef3001557e6d16a84867)
Diffstat (limited to 'src')
-rw-r--r--src/mongo/util/net/ssl_manager_openssl.cpp18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index 10723fba2bc..c7b1e291c7d 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -733,9 +733,9 @@ Future<UniqueOCSPResponse> retrieveOCSPResponse(const std::string& host,
* and returns a set of Certificate IDs that are there in the response and a date object
* which represents the time when the Response needs to be refreshed.
*/
-StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* basicResp,
- STACK_OF(X509) * intermediateCerts) {
- Date_t earliestNextUpdate = Date_t::max();
+StatusWith<std::pair<OCSPCertIDSet, boost::optional<Date_t>>> iterateResponse(
+ OCSP_BASICRESP* basicResp, STACK_OF(X509) * intermediateCerts) {
+ boost::optional<Date_t> earliestNextUpdate = boost::none;
OCSPCertIDSet certIdsInResponse;
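Review bot: The doc comment above `iterateResponse` still promises "a date object which represents the time when the Response needs to be refreshed", but the second element of the pair is now a `boost::optional<Date_t>` that can be empty. The comment should say when it is empty and what the caller is expected to do, for example `* The date is boost::none when no SingleResponse carries a nextUpdate field; the caller then chooses the refresh time.` The comment on `parseAndValidateOCSPResponse` in the third hunk ("The Date_t object is the earliest expiration date") is stale in the same way. The function body continues outside this hunk.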
@@ -766,8 +766,12 @@ StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* bas
<< "Unexpected OCSP Certificate Status. Reason: " << status);
}
- Date_t nextUpdateDate(convertASN1ToMillis(static_cast<ASN1_TIME*>(nextupd)));
- earliestNextUpdate = std::min(earliestNextUpdate, nextUpdateDate);
+ if (nextupd) {
+ Date_t nextUpdateDate(convertASN1ToMillis(static_cast<ASN1_TIME*>(nextupd)));
+ earliestNextUpdate = earliestNextUpdate
+ ? boost::optional<Date_t>(std::min(earliestNextUpdate.get(), nextUpdateDate))
+ : boost::optional<Date_t>(nextUpdateDate);
+ }
}
if (earliestNextUpdate < Date_t::now()) {
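Review bot: The expiry check `if (earliestNextUpdate < Date_t::now())` at the end of this hunk still runs when no SingleResponse carried a nextUpdate, and an empty `boost::optional` orders before every engaged value, so the condition is true in exactly the case this commit is meant to allow. The body of that branch is outside the hunk, but if it rejects the response as expired, responses without nextUpdate are still refused. Test the optional before comparing: `if (earliestNextUpdate && *earliestNextUpdate < Date_t::now()) {`. When nextUpdate is absent the responder gives no expiry bound, so the code that caches or staples the response should apply its own bounded refresh interval rather than keep the response indefinitely.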
@@ -782,7 +786,7 @@ StatusWith<std::pair<OCSPCertIDSet, Date_t>> iterateResponse(OCSP_BASICRESP* bas
* the IDs of the certificates that the OCSP Response contains. The Date_t object is the
* earliest expiration date on the OCSPResponse.
*/
-StatusWith<std::pair<OCSPCertIDSet, Date_t>> parseAndValidateOCSPResponse(
+StatusWith<std::pair<OCSPCertIDSet, boost::optional<Date_t>>> parseAndValidateOCSPResponse(
SSL_CTX* context, OCSP_RESPONSE* response, STACK_OF(X509) * intermediateCerts) {
// Read the overall status of the OCSP response
int responseStatus = OCSP_response_status(response);
@@ -880,7 +884,7 @@ Future<OCSPFetchResponse> dispatchRequests(SSL_CTX* context,
// If not, we pass down a bogus response, and let the caller deal with it down
// there.
boost::optional<Date_t> nextUpdate = swCertIDSetAndDuration.isOK()
- ? boost::optional<Date_t>(swCertIDSetAndDuration.getValue().second)
+ ? swCertIDSetAndDuration.getValue().second
: boost::none;
if (state->finishLine.arriveStrongly()) {
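Review bot: After this change `nextUpdate` is `boost::none` both when validation failed and when a valid response simply had no nextUpdate field, and the existing comment only describes the failure case. The code that consumes `nextUpdate` is outside the hunk, so it is worth confirming that it decides success from `swCertIDSetAndDuration.isOK()` and not from whether `nextUpdate` is set. A short comment here would record the distinction, such as `// boost::none means validation failed OR the response had no nextUpdate; check the status to tell them apart.`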