From dcac7e05520336e2bd362ec1fe733e49ccaacb7c Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Tue, 9 Feb 2010 03:44:04 +0000 Subject: [PATCH] Catch up ssl to socache store expiry change, and clarify what the code is doing git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@907918 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_kernel.c | 7 ++++--- modules/ssl/ssl_private.h | 2 +- modules/ssl/ssl_scache.c | 2 +- modules/ssl/ssl_util_stapling.c | 12 ++++++------ 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 0529ead0e8..9cee188ebc 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1812,9 +1812,10 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) id = SSL_SESSION_get_session_id(session); idlen = SSL_SESSION_get_session_id_length(session); - timeout += modssl_session_get_time(session); - - rc = ssl_scache_store(s, id, idlen, timeout, session, conn->pool); + rc = ssl_scache_store(s, id, idlen, + apr_time_from_sec(modssl_session_get_time(session) + + timeout), + session, conn->pool); ssl_session_log(s, "SET", id, idlen, rc == TRUE ? "OK" : "BAD", diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 313ceeb4fd..8d1ba8baa8 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -642,7 +642,7 @@ void ssl_scache_init(server_rec *, apr_pool_t *); void ssl_scache_status_register(apr_pool_t *p); void ssl_scache_kill(server_rec *); BOOL ssl_scache_store(server_rec *, UCHAR *, int, - time_t, SSL_SESSION *, apr_pool_t *); + apr_time_t, SSL_SESSION *, apr_pool_t *); SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int, apr_pool_t *); void ssl_scache_remove(server_rec *, UCHAR *, int, apr_pool_t *); diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c index 7f6155a5e2..afb2f51607 100644 --- a/modules/ssl/ssl_scache.c 
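Review bot: The sum `modssl_session_get_time(session) + timeout` in the new `ssl_scache_store` call is still evaluated in the seconds type of its operands before `apr_time_from_sec` widens it. Where that type is 32-bit, a large configured session timeout can overflow and yield an expiry that is wrong by a wide margin. `timeout` is declared above the hunk, so its type is not visible here; if it is a `long`, converting each term separately avoids the narrow addition: `apr_time_from_sec(modssl_session_get_time(session)) + apr_time_from_sec(timeout)`. A short comment at the call, such as `/* absolute expiry, apr_time_t microseconds */`, would also make the unit obvious, since the variable name no longer carries it.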
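Review bot: The `ssl_scache_store` prototype has unnamed parameters, so the switch from `time_t` to `apr_time_t` changes the fourth argument from seconds to microseconds with nothing in the declaration saying so. Both are integer types, so a caller that still passes seconds compiles without a diagnostic, and its entries would carry an expiry far in the past and most likely be treated as already expired. I would name and comment the parameter, e.g. `apr_time_t expiry, /* absolute, microseconds */`. The same comment belongs on the definition in the ssl_scache.c hunk, whose body continues outside the diff, so how `expiry` is forwarded to the provider cannot be checked from here.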
+++ b/modules/ssl/ssl_scache.c @@ -113,7 +113,7 @@ void ssl_scache_kill(server_rec *s) } BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, - time_t expiry, SSL_SESSION *sess, + apr_time_t expiry, SSL_SESSION *sess, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c index e069fae848..0f10cec8f3 100644 --- a/modules/ssl/ssl_util_stapling.c +++ b/modules/ssl/ssl_util_stapling.c @@ -184,7 +184,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx, unsigned char *p; int resp_derlen; BOOL rv; - time_t timeout; + apr_time_t expiry; resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL) + 1; @@ -200,25 +200,25 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx, return FALSE; } - p = resp_der; + /* TODO: potential optimization; _timeout members as apr_interval_time_t */ if (ok == TRUE) { *p++ = 1; - timeout = mctx->stapling_cache_timeout; + expiry = apr_time_from_sec(mctx->stapling_cache_timeout); } else { *p++ = 0; - timeout = mctx->stapling_errcache_timeout; + expiry = apr_time_from_sec(mctx->stapling_errcache_timeout); } - timeout += apr_time_sec(apr_time_now()); + expiry += apr_time_now(); i2d_OCSP_RESPONSE(rsp, &p); rv = mc->stapling_cache->store(mc->stapling_cache_context, s, cinf->idx, sizeof(cinf->idx), - timeout, resp_der, resp_derlen, pool); + expiry, resp_der, resp_derlen, pool); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "stapling_cache_response: OCSP response session store error!"); -- 2.40.0
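Review bot: In the second ssl_util_stapling.c hunk, the absolute `expiry` is derived only from the configured `stapling_cache_timeout` / `stapling_errcache_timeout`. As far as this hunk shows, how long a cached OCSP response is retained is therefore independent of the response's own validity period. Whether freshness is re-checked when the entry is read back is not visible, because `stapling_cache_response` begins before the hunk and continues past it, and the retrieval path is elsewhere. A comment at the assignment should state the contract, e.g. `/* expiry: absolute apr_time_t (usec); bounds cache retention only */`. Each branch could also assign `expiry = apr_time_now() + apr_time_from_sec(...)` directly, so the variable never briefly holds a relative interval under a name that says absolute.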