Mercurial > hg > nginx-quic
annotate src/os/win32/ngx_socket.c @ 8946:496241338da5
SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation. To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.
BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days. So we update session timeout to
the configured value as soon as a session is created.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:57 +0300 |
parents | efd71d49bde0 |
children |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
100
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
100
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
100
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
100
diff
changeset
|
6 |
59
e8cdc2989cee
nginx-0.0.1-2003-02-06-20:21:13 import
Igor Sysoev <igor@sysoev.ru>
parents:
3
diff
changeset
|
7 |
3
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
8 #include <ngx_config.h> |
59
e8cdc2989cee
nginx-0.0.1-2003-02-06-20:21:13 import
Igor Sysoev <igor@sysoev.ru>
parents:
3
diff
changeset
|
9 #include <ngx_core.h> |
e8cdc2989cee
nginx-0.0.1-2003-02-06-20:21:13 import
Igor Sysoev <igor@sysoev.ru>
parents:
3
diff
changeset
|
10 |
2
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
501 | 12 int |
13 ngx_nonblocking(ngx_socket_t s) | |
2
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
14 { |
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 unsigned long nb = 1; |
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 |
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 return ioctlsocket(s, FIONBIO, &nb); |
ffffe1499bce
nginx-0.0.1-2002-08-16-19:27:03 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 } |
3
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
19 |
100
7ebc8b7fb816
nginx-0.0.1-2003-06-03-19:42:58 import
Igor Sysoev <igor@sysoev.ru>
parents:
60
diff
changeset
|
20 |
501 | 21 int |
22 ngx_blocking(ngx_socket_t s) | |
3
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
23 { |
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
24 unsigned long nb = 0; |
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
25 |
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
26 return ioctlsocket(s, FIONBIO, &nb); |
34a521b1a148
nginx-0.0.1-2002-08-20-18:48:28 import
Igor Sysoev <igor@sysoev.ru>
parents:
2
diff
changeset
|
27 } |
501 | 28 |
29 | |
30 int | |
7583
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
31 ngx_socket_nread(ngx_socket_t s, int *n) |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
32 { |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
33 unsigned long nread; |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
34 |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
35 if (ioctlsocket(s, FIONREAD, &nread) == -1) { |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
36 return -1; |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
37 } |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
38 |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
39 *n = nread; |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
40 |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
41 return 0; |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
42 } |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
43 |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
44 |
efd71d49bde0
Events: available bytes calculation via ioctl(FIONREAD).
Maxim Dounin <mdounin@mdounin.ru>
parents:
4412
diff
changeset
|
45 int |
501 | 46 ngx_tcp_push(ngx_socket_t s) |
47 { | |
48 return 0; | |
49 } |