module Mongo::Socket::OcspCache
This module caches OCSP responses for their indicated validity time.
The key is the CertificateId used for the OCSP request. The value is the SingleResponse.
@api private
Constants
- LOCK
Public Instance Methods
clear()
click to toggle source
Clears the driver's OCSP response cache.
@note Use Mongo#clear_ocsp_cache from applications instead of invoking
this method directly.
# File lib/mongo/socket/ocsp_cache.rb, line 83 def clear responses.replace([]) end
delete(cert_id)
click to toggle source
# File lib/mongo/socket/ocsp_cache.rb, line 73 def delete(cert_id) responses.delete_if do |resp| resp.certid.cmp(cert_id) end end
get(cert_id)
click to toggle source
Retrieves a cached SingleResponse for the specified CertificateId.
This method may return expired responses if they are revoked. Such responses were valid when they were first received.
This method may also return responses that are valid but that may expire by the time caller uses them. The caller should not perform update time checks on the returned response.
@return [ OpenSSL::OCSP::SingleResponse ] The previously
retrieved response.
# File lib/mongo/socket/ocsp_cache.rb, line 43 def get(cert_id) resp = responses.detect do |resp| resp.certid.cmp(cert_id) end if resp # Only expire responses with good status. # Once a certificate is revoked, it should stay revoked forever, # hence we should be able to cache revoked responses indefinitely. if resp.cert_status == OpenSSL::OCSP::V_CERTSTATUS_GOOD && resp.next_update < Time.now then responses.delete(resp) resp = nil end end # If we have connected to a server and cached the OCSP response for it, # and then never connect to that server again, the cached OCSP response # is going to remain in memory indefinitely. Periodically remove all # expired OCSP responses, not just the ones matching the certificate id # we are querying by. if rand < 0.01 responses.delete_if do |resp| resp.next_update < Time.now end end resp end
responses()
click to toggle source
# File lib/mongo/socket/ocsp_cache.rb, line 91 def responses LOCK.synchronize do @responses ||= [] end end
set(cert_id, response)
click to toggle source
# File lib/mongo/socket/ocsp_cache.rb, line 27 def set(cert_id, response) delete(cert_id) responses << response end