[PATCH] SSL: respect session timeout in configs without session cache.

Piotr Sikora piotr at cloudflare.com
Wed Oct 9 21:21:08 UTC 2013


# HG changeset patch
# User Piotr Sikora <piotr at cloudflare.com>
# Date 1381353349 25200
#      Wed Oct 09 14:15:49 2013 -0700
# Node ID 6d1d1c6d346839d3ccdca92cee32bc9887c19841
# Parent  5483d9e77b3287b00b1104a07688bda37bc7351e
SSL: respect session timeout in configs without session cache.

Previously, the session timeout value was used only when a session cache
was configured, which meant that in configurations without one,
Session Tickets would always get a 5-minute timeout hint, regardless
of the configured session timeout.

Signed-off-by: Piotr Sikora <piotr at cloudflare.com>

diff -r 5483d9e77b32 -r 6d1d1c6d3468 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Wed Oct 02 15:07:17 2013 +0400
+++ b/src/event/ngx_event_openssl.c     Wed Oct 09 14:15:49 2013 -0700
@@ -1700,7 +1700,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_

 ngx_int_t
 ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
-    ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+    ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone)
 {
     long  cache_mode;

@@ -1749,8 +1749,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ng
         }
     }

-    SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
-
     if (shm_zone) {
         SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
         SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
diff -r 5483d9e77b32 -r 6d1d1c6d3468 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h     Wed Oct 02 15:07:17 2013 +0400
+++ b/src/event/ngx_event_openssl.h     Wed Oct 09 14:15:49 2013 -0700
@@ -115,7 +115,7 @@ RSA *ngx_ssl_rsa512_key_callback(ngx_ssl
 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
-    ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
+    ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone);
 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
     ngx_uint_t flags);
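Review bot: The narrower `ngx_ssl_session_cache()` prototype moves responsibility for the session lifetime to every caller, and nothing at the declaration records that. Callers outside this patch, if any exist, will fail to compile, which is the safe failure mode, but after fixing the argument list they still need to know a separate call is required. If the parameter removal stays, a one-line comment at the declaration would carry the contract, e.g. `/* does not set the session timeout; callers apply it with SSL_CTX_set_timeout() */`.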
diff -r 5483d9e77b32 -r 6d1d1c6d3468 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c    Wed Oct 02 15:07:17 2013 +0400
+++ b/src/http/modules/ngx_http_ssl_module.c    Wed Oct 09 14:15:49 2013 -0700
@@ -615,9 +615,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
         conf->shm_zone = prev->shm_zone;
     }

+    SSL_CTX_set_timeout(conf->ssl.ctx, (long) conf->session_timeout);
+
     if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
-                              conf->builtin_session_cache,
-                              conf->shm_zone, conf->session_timeout)
+                              conf->builtin_session_cache, conf->shm_zone)
         != NGX_OK)
     {
         return NGX_CONF_ERROR;
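Review bot: The added `SSL_CTX_set_timeout(conf->ssl.ctx, (long) conf->session_timeout);` is repeated verbatim in each caller, here and in the `ngx_mail_ssl_merge_conf` hunk. A later caller of `ngx_ssl_session_cache()` that omits it would silently fall back to the library default lifetime for sessions and tickets. If the old call was skipped only because `ngx_ssl_session_cache()` returns early when no cache is configured (that path is not visible in these hunks), the fix could live in one place instead. That would mean keeping the `time_t timeout` parameter and making `SSL_CTX_set_timeout(ssl->ctx, (long) timeout);` the first statement of that function. The enclosing function starts and ends outside the hunk.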
diff -r 5483d9e77b32 -r 6d1d1c6d3468 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c    Wed Oct 02 15:07:17 2013 +0400
+++ b/src/mail/ngx_mail_ssl_module.c    Wed Oct 09 14:15:49 2013 -0700
@@ -323,9 +323,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf,
         conf->shm_zone = prev->shm_zone;
     }

+    SSL_CTX_set_timeout(conf->ssl.ctx, (long) conf->session_timeout);
+
     if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
-                              conf->builtin_session_cache,
-                              conf->shm_zone, conf->session_timeout)
+                              conf->builtin_session_cache, conf->shm_zone)
         != NGX_OK)
     {
         return NGX_CONF_ERROR;


