Skip to content

Commit

Permalink
Don't shorten OCSP expriation on failed server OCSP fetch (dotnet#96972)
Browse files Browse the repository at this point in the history
* Don't shorten OCSP expriation on failed server OCSP fetch

* Code review feedback
  • Loading branch information
rzikm authored and tmds committed Jan 23, 2024
1 parent 883110e commit cc725d3
Showing 1 changed file with 3 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -282,11 +282,10 @@ partial void AddRootCertificate(X509Certificate2? rootCertificate, ref bool tran
_pendingDownload = null;
if (ret == null)
{
// all download attempts failed, don't try again for 5 seconds.
// Note that if server does not send OCSP staples, clients may still
// contact OCSP responders directly.
// All download attempts failed, don't try again for 5 seconds.
// This backoff will be applied only if the OCSP staple is not expired.
// If it is expired, we will force-refresh it during next GetOcspResponseAsync call.
_nextDownload = DateTimeOffset.UtcNow.AddSeconds(5);
_ocspExpiration = _nextDownload;
}
return ret;
}
Expand Down

0 comments on commit cc725d3

Please sign in to comment.