From 05b832e03eb2a9dbf73bb672aa24d5dcad70c83b Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Fri, 24 Mar 2017 14:39:41 +0100
Subject: Reset expiry timers when reloading CRLs on SIGHUP
---
 tlscommon.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/tlscommon.c b/tlscommon.c
index d2453be..8ca67f0 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -338,16 +338,25 @@ SSL_CTX *tlsgetctx(uint8_t type, struct tls *t) {
 void tlsreloadcrls() {
 struct tls *conf;
 struct hash_entry *entry;
+ struct timeval now;
+
+ gettimeofday(&now, NULL);
- for(entry = hash_first(tlsconfs); entry; entry = hash_next(entry)) {
+ for (entry = hash_first(tlsconfs); entry; entry = hash_next(entry)) {
 conf = (struct tls *)entry->data;
 #ifdef RADPROT_TLS
- if(conf->tlsctx)
+ if (conf->tlsctx) {
+ if (conf->tlsexpiry)
+ conf->tlsexpiry = now.tv_sec + conf->cacheexpiry;
 tlsaddcacrl(conf->tlsctx, conf);
+ }
 #endif
 #ifdef RADPROT_DTLS
- if(conf->dtlsctx)
+ if (conf->dtlsctx) {
+ if (conf->dtlsexpiry)
+ conf->dtlsexpiry = now.tv_sec + conf->cacheexpiry;
 tlsaddcacrl(conf->dtlsctx, conf);
+ }
 #endif
 }
 }
--
cgit v1.1
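Review bot: In both the `tlsctx` and `dtlsctx` branches the expiry timer is pushed forward before `tlsaddcacrl()` runs and regardless of its outcome, so a reload that fails would still extend the life of a cached context holding stale revocation data by a full `cacheexpiry` interval. Consider resetting the timer only after a successful reload, e.g. `if (tlsaddcacrl(conf->tlsctx, conf) && conf->tlsexpiry) conf->tlsexpiry = now.tv_sec + conf->cacheexpiry;`, and likewise for DTLS. That form assumes tlsaddcacrl returns non-zero on success, which needs confirming because its definition is outside the hunk. The return value of `gettimeofday()` is also unchecked, and logging a failed reload would make a missed CRL update visible to operators.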