Mercurial > hg > nginx
view src/event/ngx_event_udp.h @ 8086:496241338da5
SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation. To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.
BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days. So we update session timeout to
the configured value as soon as a session is created.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:57 +0300 |
parents | 0f6cc8f73744 |
children | ce6d9cf0f567 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_UDP_H_INCLUDED_ #define _NGX_EVENT_UDP_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #if !(NGX_WIN32) #if ((NGX_HAVE_MSGHDR_MSG_CONTROL) \ && (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR \ || NGX_HAVE_IP_PKTINFO \ || (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO))) #define NGX_HAVE_ADDRINFO_CMSG 1 #endif #if (NGX_HAVE_ADDRINFO_CMSG) typedef union { #if (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR) struct in_addr addr; #endif #if (NGX_HAVE_IP_PKTINFO) struct in_pktinfo pkt; #endif #if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO) struct in6_pktinfo pkt6; #endif } ngx_addrinfo_t; size_t ngx_set_srcaddr_cmsg(struct cmsghdr *cmsg, struct sockaddr *local_sockaddr); ngx_int_t ngx_get_srcaddr_cmsg(struct cmsghdr *cmsg, struct sockaddr *local_sockaddr); #endif void ngx_event_recvmsg(ngx_event_t *ev); ssize_t ngx_sendmsg(ngx_connection_t *c, struct msghdr *msg, int flags); void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp, ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); #endif void ngx_delete_udp_connection(void *data); #endif /* _NGX_EVENT_UDP_H_INCLUDED_ */