oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

In case of OCSP verification failure, referash every 5 min. In case of

Browse Source 
success, refreash 2 min before expiring or faster.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20812 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-06-03 03:35:32 +00:00
parent af5f66bb0d
commit ceb434a58b
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
kdc/pkinit.c
View File

@@ -1143,6 +1143,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_data_free(&ocsp.data);
ocsp.expire = 0;
ocsp.next_update = kdc_time + 60 * 5;
fd = open(config->pkinit_kdc_ocsp_file, O_RDONLY);
if (fd < 0) {
@@ -1186,11 +1187,13 @@ _kdc_pk_mk_pa_reply(krb5_context context,
"PK-INIT failed to verify ocsp data %d", ret);
krb5_data_free(&ocsp.data);
ocsp.expire = 0;
} else if (ocsp.expire > 180)
} else if (ocsp.expire > 180) {
ocsp.expire -= 180; /* refetch the ocsp before it expire */
ocsp.next_update = ocsp.expire;
} else {
ocsp.next_update = kdc_time;
}
out_ocsp:
ocsp.next_update = kdc_time + 3600;
ret = 0;
}