SSL: SSL_CTX_set_timeout() now always called.

The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets.  Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.

Prodded by Piotr Sikora.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index df8f7e1a30b9d0eb2dbfe802df1f9c1822f4d451..6a3a2b5db8cc12453954d997c380e88b7e47f3b5 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1704,6 +1704,8 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
 {
     long  cache_mode;
 
+    SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
+
     if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
         SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
         return NGX_OK;
@@ -1749,8 +1751,6 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
         }
     }
 
-    SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
-
     if (shm_zone) {
         SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
         SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);