github.com/mono/boringssl.git
author David Benjamin <davidben@chromium.org> 2014-08-15 01:24:37 +0400
committer Adam Langley <agl@google.com> 2014-08-18 21:25:20 +0400
commit f4501347c9f709fe3dad745ac96479513a1c9a8d
tree 4883c1fda61e331cd556246865c6c2990adf4038 /ssl/ssl_sess.c
parent 5216a931b7644a20b2a714cd80ed4bc7ae7a7d5e

Remove default_timeout hook.

Of the remaining implementations left, ssl3_, dtls1_, and ssl23_, dtls1_ is redundant and can be folded into ssl3_. ssl23_ actually isn't; it sets 5 minutes rather than 2 hours. Two hours seems to be what everything else uses and seems a saner default. Most consumers seem to override it anyway (SSL_CTX_set_timeout). But it is a behavior change.

The method is called at two points:
- SSL_get_default_timeout
- SSL_CTX_new

Incidentally, the latter call actually makes the former never called internally and the value it returns a lie. SSL_get_default_timeout returns the default timeout of the /current/ method, but in ssl_get_new_session, the timeout is shadowed by session_timeout on the context. That is initialized when SSL_CTX_new is called. So, unless you go out of your way to SSL_CTX_set_timeout(0), it always overrides. (And it actually used to make a difference because, for SSL23, the SSL_CTX's method is SSL23, but, when session creation happens, the SSL's method is the version-specific one.)

Change-Id: I331d3fd69b726242b36492402717b6d0b521c6ee
Reviewed-on: https://boringssl-review.googlesource.com/1521
Reviewed-by: Adam Langley <agl@google.com>

Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- ssl/ssl_sess.c 8
1 files changed, 3 insertions, 5 deletions

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 312a9a20..5749574c 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -209,7 +209,7 @@ SSL_SESSION *SSL_SESSION_new(void)
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references=1;
- ss->timeout=60*5+4; /* 5 minute timeout by default */
+ ss->timeout = SSL_DEFAULT_SESSION_TIMEOUT;
ss->time=(unsigned long)time(NULL);
ss->prev=NULL;
ss->next=NULL;
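Review bot: The new `ss->timeout = SSL_DEFAULT_SESSION_TIMEOUT;` line no longer states what the default is, where the removed line carried both the number (60*5+4) and a "5 minute" comment. The commit message gives the new default as two hours, so every session allocated through SSL_SESSION_new() now carries a much longer lifetime unless the context sets its own timeout; a short comment giving the value and unit here, or a pointer to where the macro is defined, would make that change visible to callers who relied on the old default. The definition of SSL_DEFAULT_SESSION_TIMEOUT is not part of this file-limited diff, so its value cannot be confirmed from these lines.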
@@ -282,10 +282,8 @@ int ssl_get_new_session(SSL *s, int session)
if ((ss=SSL_SESSION_new()) == NULL) return(0);
- /* If the context has a default timeout, use it */
- if (s->session_ctx->session_timeout == 0)
- ss->timeout=SSL_get_default_timeout(s);
- else
+ /* If the context has a default timeout, use it over the default. */
+ if (s->session_ctx->session_timeout != 0)
ss->timeout=s->session_ctx->session_timeout;
if (s->session != NULL)
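Review bot: After this change ssl_get_new_session() depends on SSL_SESSION_new() having already set ss->timeout, and nothing at the `if (s->session_ctx->session_timeout != 0)` check says so. Suggest extending the comment to name SSL_SESSION_new() as the source of the fallback, and to note that a session_timeout of 0 means "keep the default" rather than a zero lifetime. This path also no longer calls SSL_get_default_timeout(s); the rest of the commit is not shown here, so it is worth confirming that function still reports the same value as SSL_DEFAULT_SESSION_TIMEOUT. Minor style point: the retained `ss->timeout=s->session_ctx->session_timeout;` lacks the spaces around `=` that the new assignment in SSL_SESSION_new() uses.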