This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.2.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit a63417f33db888e2ee30516c655b392851ee0362 Author: Evan Zelkowitz <[email protected]> AuthorDate: Wed Jul 1 15:26:43 2026 -0600 Throttle OCSP cert-status error instead of logging on every handshake (#13312) ssl_callback_ocsp_stapling() emitted an Error on every TLS handshake when a cert's OCSP response was missing or expired, which could flood error.log. Use SiteThrottledError so ops are still alerted at Error severity but the message is rate-limited per call site (default 60s) with a suppressed-count. Co-authored-by: Evan Zelkowitz <[email protected]> (cherry picked from commit 82c4de1609a7f25a4e9fbd71e5a7d07b24495ea7) --- src/iocore/net/OCSPStapling.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iocore/net/OCSPStapling.cc b/src/iocore/net/OCSPStapling.cc index 342e0dea49..e1c2e4ca3b 100644 --- a/src/iocore/net/OCSPStapling.cc +++ b/src/iocore/net/OCSPStapling.cc @@ -1423,7 +1423,7 @@ ssl_callback_ocsp_stapling(SSL *ssl, void *) time_t current_time = time(nullptr); if ((cinf->resp_derlen == 0 || cinf->is_expire) || (cinf->expire_time < current_time && !cinf->is_prefetched)) { ink_mutex_release(&cinf->stapling_mutex); - Error("ssl_callback_ocsp_stapling: failed to get certificate status for %s", cinf->certname); + SiteThrottledError("ssl_callback_ocsp_stapling: failed to get certificate status for %s", cinf->certname); return SSL_TLSEXT_ERR_NOACK; } else { #ifdef OPENSSL_IS_BORINGSSL
