Commit 909d5dd9 authored by Tomas Krizek's avatar Tomas Krizek

Merge branch 'http-ephemeral-lifetime' into 'master'

modules/http: fix too early renewal of ephemeral certificates

See merge request !808
parents 4ce88bce c657e624
......@@ -39,6 +39,7 @@ Bugfixes
- fix fallback when SERVFAIL or REFUSED is received from upstream (!784)
- fix crash when dealing with unknown TA key algorhitm (#449)
- go insecure due to algorithm support even if DNSKEY is NODATA (!798)
- http module: fix too early renewal of ephemeral certificates (!808)
Module API changes
------------------
......
......@@ -396,7 +396,7 @@ local function add_socket(fd, kind, addr_str)
-- Create certificate renewal timer if ephemeral
if crt and conf.ephemeral then
local _, expiry = crt:getLifetime()
expiry = math.max(0, expiry - (os.time() - 3 * 24 * 3600))
expiry = 1000 * math.max(0, expiry - (os.time() - 3 * 24 * 3600))
event.after(expiry, function ()
log('[http] refreshed ephemeral certificate')
crt, key = updatecert(conf.cert, conf.key)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment