Module descriptionĀ¶
ocspd
consists of several modules that interact with each other in order to
keep OCSP staples up-to-date. In short, these are the modules:
Scheduler: | It is possible to schedule a task with the scheduler. It will wait for the scheduled moment and add the task to a queue to be handled by one of the other modules. |
---|---|
Finder: | Finds certificates in the specified directories. When new file are found, or existing files are changed it schedules a parsing for these certificates. |
Parser: | Parses certificates and parses them. If certificates are correct, it schedules a renewal for these certificates. |
Renewer: | The renewer takes input from the scheduler. It contacts the CA to renew an OCSP staple. After renewing the staple it schedules a new renewal and tells the scheduler to call the adder right away. |
Adder: | This is a module that can talk to the HAProxy socket to add OCSP staples without restarting HAProxy. |
This graph explains their interaction. Every arrow passes a
OCSPTaskContext
instance to the other module.