Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5424:767aa37f12de
SSL: SSL_CTX_set_timeout() now always called.
The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets. Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.
Prodded by Piotr Sikora.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 14 Oct 2013 13:59:35 +0400 |
parents | 5b5a486bd40e |
children | 1356a3b96924 |
comparison
equal
deleted
inserted
replaced
5423:5b5a486bd40e | 5424:767aa37f12de |
---|---|
1702 ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, | 1702 ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, |
1703 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout) | 1703 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout) |
1704 { | 1704 { |
1705 long cache_mode; | 1705 long cache_mode; |
1706 | 1706 |
1707 SSL_CTX_set_timeout(ssl->ctx, (long) timeout); | |
1708 | |
1707 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { | 1709 if (builtin_session_cache == NGX_SSL_NO_SCACHE) { |
1708 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); | 1710 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); |
1709 return NGX_OK; | 1711 return NGX_OK; |
1710 } | 1712 } |
1711 | 1713 |
1746 | 1748 |
1747 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { | 1749 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) { |
1748 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); | 1750 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache); |
1749 } | 1751 } |
1750 } | 1752 } |
1751 | |
1752 SSL_CTX_set_timeout(ssl->ctx, (long) timeout); | |
1753 | 1753 |
1754 if (shm_zone) { | 1754 if (shm_zone) { |
1755 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session); | 1755 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session); |
1756 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session); | 1756 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session); |
1757 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session); | 1757 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session); |