reload CRL only if file was modified

In order to prevent annoying delays upon client connection, reload the CRL file only if it was modified since the last reload operation. If not, keep on using the already stored CRL. This change will boost client connection time in instances where the CRL file is quite large (dropping from several seconds to few milliseconds). Cc: Steffan Karger <steffan.karger@fox-it.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20161201104145.23821-1-a@unstable.cc> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13345.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
author: Antonio Quartulli 2016-12-01 18:41:45 +0800
committer: Gert Doering 2016-12-01 11:55:43 +0100
commit: ce91c187ee0dd73aa4dbe4468181db90403951ce (patch)
tree: 8bd56c4305f0d18bc8d307a346a4c803856f497a /src/openvpn/ssl_openssl.h
parent: fb56058a98dcc81b34cffbdc46417d672b8926e1 (diff)
download: openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.zip
openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index 97dc742..115ac43 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -49,6 +49,8 @@
  */
 struct tls_root_ctx {
     SSL_CTX *ctx;
+    struct timespec crl_last_mtime;
+    off_t crl_last_size;
 };
 
 struct key_state_ssl {
author	Antonio Quartulli	2016-12-01 18:41:45 +0800
committer	Gert Doering	2016-12-01 11:55:43 +0100
commit	ce91c187ee0dd73aa4dbe4468181db90403951ce (patch)
tree	8bd56c4305f0d18bc8d307a346a4c803856f497a /src/openvpn/ssl_openssl.h
parent	fb56058a98dcc81b34cffbdc46417d672b8926e1 (diff)
download	openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.zip openvpn-ce91c187ee0dd73aa4dbe4468181db90403951ce.tar.gz