Reset expiry timers when reloading CRLs on SIGHUP

mariux64 · Mar 24, 2017 · 05b832e · 05b832e
1 parent 4f223d3
commit 05b832e
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/tlscommon.c b/tlscommon.c
@@ -338,16 +338,25 @@ SSL_CTX *tlsgetctx(uint8_t type, struct tls *t) {
 void tlsreloadcrls() {
     struct tls *conf;
     struct hash_entry *entry;
+    struct timeval now;
+
+    gettimeofday(&now, NULL);
 
-    for(entry = hash_first(tlsconfs); entry; entry = hash_next(entry)) {
+    for (entry = hash_first(tlsconfs); entry; entry = hash_next(entry)) {
 	conf = (struct tls *)entry->data;
 #ifdef RADPROT_TLS
-	if(conf->tlsctx)
+	if (conf->tlsctx) {
+	    if (conf->tlsexpiry)
+		conf->tlsexpiry = now.tv_sec + conf->cacheexpiry;
 	    tlsaddcacrl(conf->tlsctx, conf);
+	}
 #endif
 #ifdef RADPROT_DTLS
-	if(conf->dtlsctx)
+	if (conf->dtlsctx) {
+	    if (conf->dtlsexpiry)
+		conf->dtlsexpiry = now.tv_sec + conf->cacheexpiry;
 	    tlsaddcacrl(conf->dtlsctx, conf);
+	}
 #endif
     }
 }