nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 5424:767aa37f12de

SSL: SSL_CTX_set_timeout() now always called. The timeout set is used by OpenSSL as a hint for clients in TLS Session Tickets. Previous code resulted in a default timeout (5m) used for TLS Sessions Tickets if there was no session cache configured. Prodded by Piotr Sikora.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 14 Oct 2013 13:59:35 +0400
parents	5b5a486bd40e
children	1356a3b96924

comparison

equal deleted inserted replaced

-:5b5a486bd40e
+:767aa37f12de
 ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
 {
 long  cache_mode;
+SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
 return NGX_OK;
 }
 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
 }
 }
-SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
 if (shm_zone) {
 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 5424:767aa37f12de