Delete OCSP Response cache when certificate renewed

wenzong 2020-09-18 14:30:08 +08:00
parent a6994bee95
commit 724646bd73
4 changed files with 59 additions and 1 deletions


@ -11,6 +11,7 @@ local pairs = pairs
local configuration_data = ngx.shared.configuration_data
local certificate_data = ngx.shared.certificate_data
local certificate_servers = ngx.shared.certificate_servers
local ocsp_response_cache = ngx.shared.ocsp_response_cache
local EMPTY_UID = "-1"
@ -100,6 +101,11 @@ local function handle_servers()
end
for uid, cert in pairs(configuration.certificates) do
local old_cert = certificate_data:get(uid)
if old_cert ~= cert then
ocsp_response_cache:delete(uid)
end
local success, set_err, forcible = certificate_data:set(uid, cert)
if not success then
local err_msg = string.format("error setting certificate for %s: %s\n",
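Review bot: `ocsp_response_cache:delete(uid)` runs before `certificate_data:set(uid, cert)` has succeeded, so for a short window the old certificate is still the one stored in `certificate_data` while its cache entry is already gone. If another worker refreshes the OCSP response in that window, presumably under the same `uid` key, the entry is repopulated for the old certificate and would then be stapled alongside the renewed one; a staple that does not match the served certificate is typically ignored or rejected by clients, and a must-staple certificate could fail the handshake. Invalidating only after a successful set narrows this, for example `if success and old_cert ~= cert then ocsp_response_cache:delete(uid) end` placed after the error handling, which continues outside the hunk. Keying the cache on a value derived from the certificate itself rather than on `uid` alone would close the window entirely, though whether the fetch side allows that is not visible here.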