Mercurial > hg > nginx
annotate src/event/ngx_event_udp.h @ 8086:496241338da5
SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation. To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.
BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days. So we update session timeout to
the configured value as soon as a session is created.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:57 +0300 |
| parents | 0f6cc8f73744 |
| children | ce6d9cf0f567 |
| rev | line source |
|---|---|
|
8001
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_UDP_H_INCLUDED_ |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_UDP_H_INCLUDED_ |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 #include <ngx_config.h> |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_core.h> |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
15 #if !(NGX_WIN32) |
|
8002
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
16 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
17 #if ((NGX_HAVE_MSGHDR_MSG_CONTROL) \ |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
18 && (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR \ |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
19 || NGX_HAVE_IP_PKTINFO \ |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
20 || (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO))) |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
21 #define NGX_HAVE_ADDRINFO_CMSG 1 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
22 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
23 #endif |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
24 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
25 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
26 #if (NGX_HAVE_ADDRINFO_CMSG) |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
27 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
28 typedef union { |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
29 #if (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR) |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
30 struct in_addr addr; |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
31 #endif |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
32 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
33 #if (NGX_HAVE_IP_PKTINFO) |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
34 struct in_pktinfo pkt; |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
35 #endif |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
36 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
37 #if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO) |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
38 struct in6_pktinfo pkt6; |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
39 #endif |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
40 } ngx_addrinfo_t; |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
41 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
42 size_t ngx_set_srcaddr_cmsg(struct cmsghdr *cmsg, |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
43 struct sockaddr *local_sockaddr); |
|
8003
0f6cc8f73744
Core: added function for local source address cmsg.
Vladimir Homutov <vl@nginx.com>
parents:
8002
diff
changeset
|
44 ngx_int_t ngx_get_srcaddr_cmsg(struct cmsghdr *cmsg, |
|
0f6cc8f73744
Core: added function for local source address cmsg.
Vladimir Homutov <vl@nginx.com>
parents:
8002
diff
changeset
|
45 struct sockaddr *local_sockaddr); |
|
8002
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
46 |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
47 #endif |
|
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
48 |
|
8001
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
49 void ngx_event_recvmsg(ngx_event_t *ev); |
|
8002
cfe1284e5d1d
Core: made the ngx_sendmsg() function non-static.
Vladimir Homutov <vl@nginx.com>
parents:
8001
diff
changeset
|
50 ssize_t ngx_sendmsg(ngx_connection_t *c, struct msghdr *msg, int flags); |
|
8001
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
51 void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp, |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
52 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
53 #endif |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
54 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
55 void ngx_delete_udp_connection(void *data); |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
56 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
57 |
|
8206ecdcd837
Core: the ngx_event_udp.h header file.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
58 #endif /* _NGX_EVENT_UDP_H_INCLUDED_ */ |