Mercurial > hg > nginx
view contrib/geo2nginx.pl @ 8086:496241338da5
SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation. To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.
BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days. So we update session timeout to
the configured value as soon as a session is created.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:57 +0300 |
| parents | c9ad0d9c7d59 |
| children |
line wrap: on
line source
#!/usr/bin/perl -w # (c) Andrei Nigmatulin, 2005 # # this script provided "as is", without any warranties. use it at your own risk. # # special thanx to Andrew Sitnikov for perl port # # this script converts CSV geoip database (free download at http://www.maxmind.com/app/geoip_country) # to format, suitable for use with nginx_http_geo module (http://sysoev.ru/nginx) # # for example, line with ip range # # "62.16.68.0","62.16.127.255","1041253376","1041268735","RU","Russian Federation" # # will be converted to four subnetworks: # # 62.16.68.0/22 RU; # 62.16.72.0/21 RU; # 62.16.80.0/20 RU; # 62.16.96.0/19 RU; use warnings; use strict; while( <STDIN> ){ if (/"[^"]+","[^"]+","([^"]+)","([^"]+)","([^"]+)"/){ print_subnets($1, $2, $3); } } sub print_subnets { my ($a1, $a2, $c) = @_; my $l; while ($a1 <= $a2) { for ($l = 0; ($a1 & (1 << $l)) == 0 && ($a1 + ((1 << ($l + 1)) - 1)) <= $a2; $l++){}; print long2ip($a1) . "/" . (32 - $l) . " " . $c . ";\n"; $a1 += (1 << $l); } } sub long2ip { my $ip = shift; my $str = 0; $str = ($ip & 255); $ip >>= 8; $str = ($ip & 255).".$str"; $ip >>= 8; $str = ($ip & 255).".$str"; $ip >>= 8; $str = ($ip & 255).".$str"; }