Google Git
Sign in
boringssl / boringssl.git / 0b1bb12ce806e69a99ff48e01dd7d1069ca0b173^! / .
commit0b1bb12ce806e69a99ff48e01dd7d1069ca0b173[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sat Jan 28 14:32:53 2017 -0500
committerAdam Langley <agl@google.com>Thu Feb 02 17:52:07 2017 +0000
treee12415e8565196291c90f746da001ce4b8299ede
parent0efa7592e3fb2ae647518a82ab19679b7c933d99 [diff]
Push the SSL_CTX session_timeout zero logic up.

This special-case is almost unexposed (the timeout is initialized to the
default) except if the caller calls SSL_CTX_set_timeout(0). Preserve
that behavior by mapping 0 to SSL_DEFAULT_SESSION_TIMEOUT in
SSL_CTX_set_timeout but simplify the internal state.

Change-Id: Ice03a519c25284b925f1e0cf485f2d8c54dc5038
Reviewed-on: https://boringssl-review.googlesource.com/13502
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6c9822f..01433d5 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -3872,8 +3872,7 @@
    * SSL_accept which cache SSL_SESSIONS. */
   int session_cache_mode;
 
-  /* If timeout is not 0, it is the default timeout value set when SSL_new() is
-   * called.  This has been put in to make life easier to set things up */
+  /* session_timeout is the default lifetime for new sessions, in seconds. */
   long session_timeout;
 
   /* If this callback is not null, it will be called each time a session id is

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a60caf0..ded5aef 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -473,12 +473,7 @@
       ssl->ctx->signed_cert_timestamps_enabled;
   ssl->ocsp_stapling_enabled = ssl->ctx->ocsp_stapling_enabled;
 
-  ssl->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
-
-  /* If the context has a default timeout, use it over the default. */
-  if (ctx->session_timeout != 0) {
-    ssl->session_timeout = ctx->session_timeout;
-  }
+  ssl->session_timeout = ctx->session_timeout;
 
   /* If the context has an OCSP response, use it. */
   if (ctx->ocsp_response != NULL) {

diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index bd5ef76..805bd48 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c

@@ -934,6 +934,11 @@
     return 0;
   }
 
+  /* Historically, zero was treated as |SSL_DEFAULT_SESSION_TIMEOUT|. */
+  if (timeout == 0) {
+    timeout = SSL_DEFAULT_SESSION_TIMEOUT;
+  }
+
   long old_timeout = ctx->session_timeout;
   ctx->session_timeout = timeout;
   return old_timeout;