diff options
author | Antonio Quartulli | 2016-12-01 18:41:45 +0800 |
---|---|---|
committer | Gert Doering | 2016-12-01 11:55:43 +0100 |
commit | ce91c187ee0dd73aa4dbe4468181db90403951ce (patch) | |
tree | 8bd56c4305f0d18bc8d307a346a4c803856f497a /src/openvpn/ssl_openssl.h | |
parent | fb56058a98dcc81b34cffbdc46417d672b8926e1 (diff) | |
download | openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.zip openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.tar.gz |
reload CRL only if file was modified
In order to prevent annoying delays upon client connection,
reload the CRL file only if it was modified since the last
reload operation.
If not, keep on using the already stored CRL.
This change will boost client connection time in instances
where the CRL file is quite large (dropping from several
seconds to few milliseconds).
Cc: Steffan Karger <steffan.karger@fox-it.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <20161201104145.23821-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13345.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_openssl.h')
-rw-r--r-- | src/openvpn/ssl_openssl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h index 97dc742..115ac43 100644 --- a/src/openvpn/ssl_openssl.h +++ b/src/openvpn/ssl_openssl.h @@ -49,6 +49,8 @@ */ struct tls_root_ctx { SSL_CTX *ctx; + struct timespec crl_last_mtime; + off_t crl_last_size; }; struct key_state_ssl { |