details: http://hg.nginx.org/nginx/rev/767aa37f12de
branches:
changeset: 5424:767aa37f12de
user: Maxim Dounin <mdou...@mdounin.ru>
date: Mon Oct 14 13:59:35 2013 +0400
description:
SSL: SSL_CTX_set_timeout() now always called.
The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets. Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.
Prodded by Piotr Sikora.
diffstat:
src/event/ngx_event_openssl.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (21 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1704,6 +1704,8 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ng
{
long cache_mode;
+ SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
+
if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
return NGX_OK;
@@ -1749,8 +1751,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ng
}
}
- SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
-
if (shm_zone) {
SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
