Recover from failed OCSP download. (dotnet#96448)
* Recover from failed OCSP check.

* Add 5s back-off after failed OCSP query
rzikm committed Jan 11, 2024
1 parent 84eb5d0 commit 3eb695a
Showing 1 changed file with 10 additions and 1 deletion.
Expand Up @@ -245,7 +245,6 @@ partial void AddRootCertificate(X509Certificate2? rootCertificate, ref bool tran
_ocspResponse = ret;
_ocspExpiration = expiration;
_nextDownload = nextCheckA < nextCheckB ? nextCheckA : nextCheckB;
_pendingDownload = null;
break;
}
}
Expand All @@ -254,6 +253,16 @@ partial void AddRootCertificate(X509Certificate2? rootCertificate, ref bool tran
ArrayPool<char>.Shared.Return(rentedChars.Array!);
GC.KeepAlive(Certificate);
GC.KeepAlive(caCert);

_pendingDownload = null;
if (ret == null)
{
// all download attempts failed, don't try again for 5 seconds.
// Note that if server does not send OCSP staples, clients may still
// contact OCSP responders directly.
_nextDownload = DateTimeOffset.UtcNow.AddSeconds(5);
_ocspExpiration = _nextDownload;
}
return ret;
}
}
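Review bot: On the failure path, `_ocspExpiration = _nextDownload;` replaces the expiry of whatever is still held in `_ocspResponse`, which the visible lines never clear. If an earlier response is still cached, its real validity window is lost: one that had already expired would look valid for another 5 seconds, and one that is still valid would look expired after 5 seconds. How the readers of these fields behave is outside the hunk, so confirm this against them. One option is to reset the expiry only when nothing usable is cached, for example `if (_ocspExpiration <= DateTimeOffset.UtcNow) { _ocspResponse = null; _ocspExpiration = _nextDownload; }`. Separately, `_pendingDownload = null;` now runs before `_nextDownload` is updated, so a concurrent caller could see no pending download together with a stale next-download time; moving it after the `if (ret == null)` block restores the ordering the success path had before this change.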