From 1c647adf465006dd95bc6bec4e46eb70f073f071 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Thu, 12 Jan 2023 09:49:10 +0100
Subject: [PATCH] MINOR: ssl: Do not wake ocsp update task if update tree empty

In the unlikely event that the ocsp update task is started but the update tree is empty, put the update task to sleep indefinitely. The only way this can happen is if the same certificate is loaded under two different names while the second one has the 'ocsp-update on' option. Since the certificate names are distinct we will have two ckch_stores but a single certificate_ocsp because they are identified by the OCSP_CERTID which is built out of the issuer certificate and the certificate id (which are the same regardless of the .pem file name).
---
 src/ssl_ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 53afaae..8f0e5ff 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1040,7 +1040,7 @@ static struct task *ssl_ocsp_update_responses(struct task *task, void *context,
 eb = eb64_first(&ocsp_update_tree);
 if (!eb) {
 HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
- goto leave;
+ goto wait;
 }
 if (eb->key > now.tv_sec) {
-- 
1.7.10.4
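Review bot: The empty-tree branch now jumps to `wait` before any entry has been taken from `ocsp_update_tree`, so the code at that label (outside this hunk) must not depend on a current entry or a computed next-update time; that is worth confirming. Since the description says the task then sleeps indefinitely, something else has to requeue it when an entry is inserted later. If nothing does, OCSP responses for certificates added afterwards would presumably never be refreshed and stale staples could be served. I would add a comment at the jump stating that contract, e.g. `/* tree empty: sleep until an insertion into ocsp_update_tree wakes the task */`. The body of ssl_ocsp_update_responses starts and ends outside the hunk.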