c-taylor commented on code in PR #13097:
URL: https://github.com/apache/trafficserver/pull/13097#discussion_r3112235904
##########
src/iocore/net/OCSPStapling.cc:
##########
@@ -279,17 +281,38 @@ namespace
// Cached info stored in SSL_CTX ex_info
struct certinfo {
- unsigned char idx[20]; // Index in session cache SHA1 hash of certificate
- TS_OCSP_CERTID *cid; // Certificate ID for OCSP requests or nullptr if
ID cannot be determined
- char *uri; // Responder details
- char *certname;
- char *user_agent;
- ink_mutex stapling_mutex;
- unsigned char resp_der[MAX_STAPLING_DER];
- unsigned int resp_derlen;
- bool is_prefetched;
- bool is_expire;
- time_t expire_time;
+ unsigned char idx[20] = {}; // Index in session cache SHA1 hash
of certificate
+ TS_OCSP_CERTID *cid = nullptr; // Certificate ID for OCSP requests
+ char *uri = nullptr; // Responder details
+ char *certname = nullptr;
+ char *user_agent = nullptr;
+ bool is_prefetched = false;
+
+ // OCSP response data, protected by resp_mutex.
+ // Readers take a shared lock; the updater takes an exclusive lock.
+ unsigned char resp_der[MAX_STAPLING_DER] = {};
+ unsigned int resp_derlen = 0;
+ bool is_expire = true;
+ time_t expire_time = 0;
+ mutable ts::bravo::shared_mutex resp_mutex;
Review Comment:
bravo was selected based on advice: After reviewing the use case and work
pattern, will be migrating this and
https://github.com/apache/trafficserver/pull/13098 to std:shared_mutex
1. Simplicity
2. Memory
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
