Hello!

On Wed, Oct 09, 2013 at 02:21:08PM -0700, Piotr Sikora wrote:
> # HG changeset patch > # User Piotr Sikora <[email protected]> > # Date 1381353349 25200 > # Wed Oct 09 14:15:49 2013 -0700 > # Node ID 6d1d1c6d346839d3ccdca92cee32bc9887c19841 > # Parent 5483d9e77b3287b00b1104a07688bda37bc7351e > SSL: respect session timeout in configs without session cache. > > Previously, session timeout value was used only when session cache > was configured, which meant that in configurations without it, > Session Tickets would always get 5 minutes timeout hint, regardless > of the configured session timeout. > > Signed-off-by: Piotr Sikora <[email protected]> > > diff -r 5483d9e77b32 -r 6d1d1c6d3468 src/event/ngx_event_openssl.c > --- a/src/event/ngx_event_openssl.c Wed Oct 02 15:07:17 2013 +0400 > +++ b/src/event/ngx_event_openssl.c Wed Oct 09 14:15:49 2013 -0700 > @@ -1700,7 +1700,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_ > > ngx_int_t > ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, > - ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout) > + ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone) > { > long cache_mode; > > @@ -1749,8 +1749,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ng > } > } > > - SSL_CTX_set_timeout(ssl->ctx, (long) timeout); > - > if (shm_zone) { > SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session); > SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session); [...] I don't see a real reason for the API change, and direct use of SSL_CTX_set_timeout() in http/mail ssl modules. What about this instead: diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1704,6 +1704,8 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, { long cache_mode; + SSL_CTX_set_timeout(ssl->ctx, (long) timeout); + if (builtin_session_cache == NGX_SSL_NO_SCACHE) { SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); return NGX_OK; 
@@ -1749,8 +1751,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, } } - SSL_CTX_set_timeout(ssl->ctx, (long) timeout); - if (shm_zone) { SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session); SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session); ? -- Maxim Dounin http://nginx.org/en/donation.html
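Review bot: In the `@@ -1700,7 +1700,7 @@` hunk of the quoted patch, dropping `time_t timeout` from `ngx_ssl_session_cache()` changes the function's signature, so every caller has to be updated and each one must now call `SSL_CTX_set_timeout()` itself. The hunks visible here only remove the call; the call sites that replace it are elided behind `[...]`. If the signature change stays, the commit message should name the modules that now set the timeout, so a reviewer can confirm that no configuration path is left with the 5 minutes hint the message describes.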
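Review bot: In the `@@ -1704,6 +1704,8 @@` hunk of the second patch, `SSL_CTX_set_timeout(ssl->ctx, (long) timeout);` now sits above the `NGX_SSL_NO_SCACHE` early return with nothing saying why the order matters. A short comment at that line, noting that the timeout also sets the Session Ticket lifetime hint and so has to be applied even when the session cache is off, would keep a later cleanup from moving the call back below the return. The `(long) timeout` cast is carried over unchanged, and whether `timeout` is range-checked before it reaches this function is not visible in these hunks.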
