Diffstat (limited to 'src/lib/libssl/ssl_sess.c')
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 10 |
1 files changed, 6 insertions, 4 deletions
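--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 ss->references = 1;
 ss->timeout=60*5+4; /* 5 minute timeout by default */
-ss->time = (unsigned long)time(NULL);
+ss->time = time(NULL);
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
 
-if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
 if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
 if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
 return (s->timeout);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
 return (s->time);
 }
 
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
-if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
 {
 /* The reason we don't call SSL_CTX_remove_session() is to
 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static
 IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
 
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {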
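Review bot: In timeout_doall_arg (new line 930) the expiry test still computes `s->time + s->timeout`, and both operands can be set by the application through SSL_SESSION_set_time() and the timeout setter, so a very large timeout can overflow the signed addition; that is undefined behaviour and, if it wraps negative, the session would be flushed immediately. The check in ssl_get_prev_session (new line 558) uses the subtraction form, so the two expiry tests would agree if this one were written `if ((p->time == 0) || (p->time - s->time > s->timeout))`. The declared type of `time` is not visible in this diff (presumably it becomes time_t in a header), so the operand widths should be confirmed; the bodies of both functions continue outside their hunks. The `/* XXX 2038 */` markers would also be clearer if they stated that the `long` in these public signatures truncates a 64-bit time_t on platforms where long is 32 bits.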
