
Diff of /nl.nikhef.pdp.fetchcrl/trunk/TrustAnchor.pm


revision 2690 by davidg, Tue Mar 4 16:26:06 2014 UTC revision 2783 by davidg, Thu Apr 30 10:44:41 2015 UTC
# Line 567  sub retrieve($) { Line 567  sub retrieve($) {
567      # be used for all (like  Last-Modified, and cache control data)      # be used for all (like  Last-Modified, and cache control data)
568    
569      # if we have a cached piece of fresh data, return that one      # if we have a cached piece of fresh data, return that one
570        # and make sure the nextupdate in the CRL itself outlives claimed freshness
571      if ( !$self->{"nocache"} and      if ( !$self->{"nocache"} and
572            ($self->{"crl"}[$i]{"state"}{"freshuntil"} || 0) > time and            ($self->{"crl"}[$i]{"state"}{"freshuntil"} || 0) > time and
573            ($self->{"crl"}[$i]{"state"}{"nextupdate"} || time) >= time and            ($self->{"crl"}[$i]{"state"}{"nextupdate"} || time) >= time and
574              ($self->{"crl"}[$i]{"state"}{"nextupdate"} || 0) >=
575                  ($self->{"crl"}[$i]{"state"}{"freshuntil"} || 0) and
576            $self->{"crl"}[$i]{"state"}{"b64data"} ) {            $self->{"crl"}[$i]{"state"}{"b64data"} ) {
577        $::log->verb(3,"Using cached content for",$self->{"alias"},"index",$i);        $::log->verb(3,"Using cached content for",$self->{"alias"},"index",$i);
578        $::log->verb(4,"Content dated",        $::log->verb(4,"Content dated",
# Line 733  sub verifyAndConvertCRLs($) { Line 736  sub verifyAndConvertCRLs($) {
736      foreach my $key ( qw/ lastupdate nextupdate sha1fp issuer / ) {      foreach my $key ( qw/ lastupdate nextupdate sha1fp issuer / ) {
737        $self->{"crl"}[$i]{"state"}{$key} = $crl->getAttribute($key) || "";        $self->{"crl"}[$i]{"state"}{$key} = $crl->getAttribute($key) || "";
738      }      }
739    
740    
741        # issue a low-level warning in case the cache control headers from
742        # the CA (or its CDN) are bugus, i.e. the CRL wille expire before the
743        # cache does. Don't log at warning, since the site cannot fix this
744        if ( defined ($self->{"crl"}[$i]{"state"}{"freshuntil"}) and
745             ( $self->{"crl"}[$i]{"state"}{"freshuntil"} >
746               ( $self->{"crl"}[$i]{"state"}{"nextupdate"} +
747                 $::cnf->{_}->{expirestolerance} )
748             )
749          ) {
750          $::log->verb(1,"Cache control headers for CA ".$self->{"alias"}." at ".
751            "URL ".$self->{"crl"}[$i]{"state"}{"sourceurl"}." have apparent ".
752            "freshness ".sprintf("%.1f",($self->{"crl"}[$i]{"state"}{"freshuntil"}-
753                                 $self->{"crl"}[$i]{"state"}{"nextupdate"})/3600).
754            "hrs beyond CRL expiration nextUpdate. Reset freshness from ".
755            gmtime($self->{"crl"}[$i]{"state"}{"freshuntil"})." UTC to ".
756            $::cnf->{_}->{expirestolerance}." second before nextUpdate at ".
757            gmtime($self->{"crl"}[$i]{"state"}{"nextupdate"})." UTC.");
758          $self->{"crl"}[$i]{"state"}{"freshuntil"} =
759            $self->{"crl"}[$i]{"state"}{"nextupdate"} -
760            $::cnf->{_}->{expirestolerance};
761        }
762    
763        # limit maximum freshness period to compensate for CAs that overdo it
764        if ( defined ($self->{"crl"}[$i]{"state"}{"freshuntil"}) and
765             $self->{"crl"}[$i]{"state"}{"freshuntil"} >
766               (time + $::cnf->{_}->{maxcachetime}) ) {
767          $self->{"crl"}[$i]{"state"}{"freshuntil"} =
768            time+$::cnf->{_}->{maxcachetime};
769          $::log->verb(1,"Cache state freshness expiry for CA ".$self->{"alias"}.
770                       " reset to at most ".
771                       sprintf("%.1f",$::cnf->{_}->{maxcachetime}/3600.).
772                       "hrs beyond current time (".
773                       gmtime($self->{"crl"}[$i]{"state"}{"freshuntil"})." UTC)");
774        }
775    
776    }    }
777    return 1;    return 1;
778  }  }
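Review bot: The new clamp in verifyAndConvertCRLs (new lines 744-761) guards only on `defined freshuntil`, but line 737 stores `""` for `nextupdate` when `getAttribute` returns nothing, so in that case the arithmetic runs on an empty string. freshuntil would then be reset to `-expirestolerance`, and the verb(1) message would apparently report a nextUpdate at the 1970 epoch. That fails towards re-fetching, which is the safe direction for revocation data, but the log line is misleading; adding `$self->{"crl"}[$i]{"state"}{"nextupdate"} and` to the condition would skip the clamp when there is no nextUpdate to compare against. The same case makes the added test at lines 574-575 in retrieve fall back to `|| 0`, which overrides the lenient `|| time` default on line 573, so a comment there should say whether a CRL without nextUpdate is meant to be served from cache at all. Both function bodies start outside the visible hunks, so an earlier guard may already cover this.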
