Remove default_timeout hook.

Of the remaining implementations left, ssl3_, dtls1_, and ssl23_, dtls1_ is
redundant and can be folded into ssl3_. ssl23_ actually isn't; it sets 5
minutes rather than 2 hours. Two hours seems to be what everything else uses
and seems a saner default. Most consumers seem to override it anyway
(SSL_CTX_set_timeout). But it is a behavior change.

The method is called at two points:
- SSL_get_default_timeout
- SSL_CTX_new

Incidentally, the latter call actually makes the former never called internally
and the value it returns a lie. SSL_get_default_timeout returns the default
timeout of the /current/ method, but in ssl_get_new_session, the timeout is
shadowed by session_timeout on the context. That is initialized when
SSL_CTX_new is called. So, unless you go out of your way to
SSL_CTX_set_timeout(0), it always overrides. (And it actually used to a
difference because, for SSL23, the SSL_CTX's method is SSL23, but, when session
creation happens, the SSL's method is the version-specific one.)

Change-Id: I331d3fd69b726242b36492402717b6d0b521c6ee
Reviewed-on: https://boringssl-review.googlesource.com/1521
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 86f7873a..ecc0c276 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1033,7 +1033,7 @@ int SSL_connect(SSL *s)
 
 long SSL_get_default_timeout(const SSL *s)
 	{
-	return(s->method->get_timeout());
+	return SSL_DEFAULT_SESSION_TIMEOUT;
 	}
 
 int SSL_read(SSL *s,void *buf,int num)
@@ -1929,7 +1929,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 	ret->session_cache_tail=NULL;
 
 	/* We take the system default */
-	ret->session_timeout=meth->get_timeout();
+	ret->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
 
 	ret->new_session_cb=0;
 	ret->remove_session_cb=0;