bneradt commented on code in PR #10959:
URL: https://github.com/apache/trafficserver/pull/10959#discussion_r1443226562
##########
src/iocore/net/OCSPStapling.cc:
##########
@@ -1256,33 +1256,40 @@ ocsp_update()
time_t current_time;
SSLCertificateConfig::scoped_config certLookup;
- const unsigned ctxCount = certLookup ? certLookup->count() : 0;
Debug("ssl_ocsp", "updating OCSP data");
- for (unsigned i = 0; i < ctxCount; i++) {
- SSLCertContext *cc = certLookup->get(i);
- if (cc) {
- ctx = cc->getCtx();
- if (ctx) {
- certinfo *cinf = nullptr;
- certinfo_map *map = stapling_get_cert_info(ctx.get());
- if (map) {
- // Walk over all certs associated with this CTX
- for (auto &iter : *map) {
- cinf = iter.second;
- ink_mutex_acquire(&cinf->stapling_mutex);
- current_time = time(nullptr);
- if (cinf->resp_derlen == 0 || cinf->is_expire || cinf->expire_time
< current_time) {
- ink_mutex_release(&cinf->stapling_mutex);
- if (stapling_refresh_response(cinf, &resp)) {
- Debug("ssl_ocsp", "Successfully refreshed OCSP for %s
certificate. url=%s", cinf->certname, cinf->uri);
- Metrics::Counter::increment(ssl_rsb.ocsp_refreshed_cert);
+#ifndef OPENSSL_IS_BORINGSSL
+ const SSLCertContextType ctxTypes[] = {SSLCertContextType::GENERIC};
+#else
+ const SSLCertContextType ctxTypes[] = {SSLCertContextType::RSA,
SSLCertContextType::EC};
+#endif
+ for (auto &ctxType : ctxTypes) {
Review Comment:
I think `auto const &ctxType` would work here. (i.e., making it a const
reference).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
