)]}' { "commit": "123db570097d6373ed501cf693452dc33fc532cb", "tree": "9264269086f9b1fb21a42228eed4f2ee27ffdb78", "parents": [ "e75cc2766ca8e6d8a9378171f56d2d71882d7da9" ], "author": { "name": "David Benjamin", "email": "davidben@google.com", "time": "Thu Nov 03 16:59:25 2016 -0400" }, "committer": { "name": "CQ bot account: commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Tue Nov 08 23:51:10 2016 +0000" }, "message": "Measure session-\u003etimeout from ticket issuance.\n\nThe distinction for full handshakes is not meaningful (the timestamp is\ncurrently the start of the handshake), but for renewed sessions, we\ncurrently retain the timestamp of the original issuance.\n\nInstead, when minting or receiving tickets, adjust session-\u003etime and\nsession-\u003etimeout so that session-\u003etime is the ticket issuance time.\n\nThis is still not our final TLS 1.3 behavior (which will need a both\nrenewable and non-renewable times to honor the server ticket lifetime),\nbut it gets us closer and unblocks handling ticket_age_add from TLS 1.3\ndraft 18 and sends the correct NewSessionTicket lifetime.\n\nThis fixes the ticket lifetime hint which we emit on the server to\nmirror the true ticket lifetime. It also fixes the TLS 1.3 server code\nto not set the ticket lifetime hint. There is no need to waste ticket\nsize with it, it is no longer a \"hint\" in TLS 1.3, and even in the TLS\n1.3 code we didn\u0027t fill it in on the server.\n\nChange-Id: I140541f1005a24e53e1b1eaa90996d6dada1c3a1\nReviewed-on: https://boringssl-review.googlesource.com/12105\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\nCQ-Verified: CQ bot account: commit-bot@chromium.org \u003ccommit-bot@chromium.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "3ddca6fd51f3b48fd62b144a8578fc2c7978c52d", "old_mode": 33188, "old_path": "include/openssl/ssl.h", "new_id": "c83299a069589b53926f4c360f62197baee0d445", "new_mode": 33188, "new_path": "include/openssl/ssl.h" }, { "type": "modify", "old_id": "d5a10031d05943d0930978d63ab90c2b7e079bd2", "old_mode": 33188, "old_path": "ssl/handshake_client.c", "new_id": "1a0cbbf5e9c2edebebc1bd96552ca4dab2ee9c8d", "new_mode": 33188, "new_path": "ssl/handshake_client.c" }, { "type": "modify", "old_id": "14229cbdc45e9831dcc83d270704f6f326364979", "old_mode": 33188, "old_path": "ssl/handshake_server.c", "new_id": "285bd84ffeefbee95f8a65a4ab8e034b2fde3430", "new_mode": 33188, "new_path": "ssl/handshake_server.c" }, { "type": "modify", "old_id": "26685596536bdea789822299e4cdda77ffdf2e9b", "old_mode": 33188, "old_path": "ssl/internal.h", "new_id": "ecf2d0c26ea17ad1d50972f62070fd178ef4ad1e", "new_mode": 33188, "new_path": "ssl/internal.h" }, { "type": "modify", "old_id": "bb7198e2e2d154cd8394399b87c8ef8243e478fe", "old_mode": 33188, "old_path": "ssl/ssl_session.c", "new_id": "2c074b735012bfdad1d646953ba82b25797955f7", "new_mode": 33188, "new_path": "ssl/ssl_session.c" }, { "type": "modify", "old_id": "9198a2881274596e00e2f9f62e8fb2c898d32b1f", "old_mode": 33188, "old_path": "ssl/ssl_test.cc", "new_id": "5eede01054553f88858475de2664a98d82dd929f", "new_mode": 33188, "new_path": "ssl/ssl_test.cc" }, { "type": "modify", "old_id": "409dc24bc905fec8d843c65bbea119d5512e4495", "old_mode": 33188, "old_path": "ssl/tls13_client.c", "new_id": "fd60bd3548c3bcd763848c8bd022e31f413071a4", "new_mode": 33188, "new_path": "ssl/tls13_client.c" }, { "type": "modify", "old_id": "f6c70c6faea3127715a1aa31f58059bad48feb33", "old_mode": 33188, "old_path": "ssl/tls13_server.c", "new_id": "2b82401252f385be4a36aec4df51135a62483f21", "new_mode": 33188, "new_path": "ssl/tls13_server.c" } ] }