Push the SSL_CTX session_timeout zero logic up.
This special-case is almost unexposed (the timeout is initialized to the
default) except if the caller calls SSL_CTX_set_timeout(0). Preserve
that behavior by mapping 0 to SSL_DEFAULT_SESSION_TIMEOUT in
SSL_CTX_set_timeout but simplify the internal state.
Change-Id: Ice03a519c25284b925f1e0cf485f2d8c54dc5038
Reviewed-on: https://boringssl-review.googlesource.com/13502
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a60caf0..ded5aef 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -473,12 +473,7 @@
ssl->ctx->signed_cert_timestamps_enabled;
ssl->ocsp_stapling_enabled = ssl->ctx->ocsp_stapling_enabled;
- ssl->session_timeout = SSL_DEFAULT_SESSION_TIMEOUT;
-
- /* If the context has a default timeout, use it over the default. */
- if (ctx->session_timeout != 0) {
- ssl->session_timeout = ctx->session_timeout;
- }
+ ssl->session_timeout = ctx->session_timeout;
/* If the context has an OCSP response, use it. */
if (ctx->ocsp_response != NULL) {
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index bd5ef76..805bd48 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -934,6 +934,11 @@
return 0;
}
+ /* Historically, zero was treated as |SSL_DEFAULT_SESSION_TIMEOUT|. */
+ if (timeout == 0) {
+ timeout = SSL_DEFAULT_SESSION_TIMEOUT;
+ }
+
long old_timeout = ctx->session_timeout;
ctx->session_timeout = timeout;
return old_timeout;
