tlsticketupdate.go: Add expiry time, some refactoring
parent
6446660113
commit
0ed8ed3f8d
|
@ -86,6 +86,7 @@ func main() {
|
||||||
mc.Set(&memcache.Item{
|
mc.Set(&memcache.Item{
|
||||||
Key: "nghttpx:tls-ticket-key",
|
Key: "nghttpx:tls-ticket-key",
|
||||||
Value: buf.Bytes(),
|
Value: buf.Bytes(),
|
||||||
|
Expiration: int32((*interval) + 300),
|
||||||
})
|
})
|
||||||
|
|
||||||
select {
|
select {
|
||||||
|
@ -96,19 +97,17 @@ func main() {
|
||||||
// generate new key and append it to the last, so that
|
// generate new key and append it to the last, so that
|
||||||
// we can at least decrypt TLS ticket encrypted by new
|
// we can at least decrypt TLS ticket encrypted by new
|
||||||
// key on the host which does not get new key yet.
|
// key on the host which does not get new key yet.
|
||||||
new_keys := [][]byte{}
|
// keep at most past 11 keys as decryption only key
|
||||||
new_keys = append(new_keys, keys[len(keys)-1])
|
n := len(keys) + 1
|
||||||
for i, key := range keys {
|
if n > 13 {
|
||||||
// keep at most past 11 keys as decryption
|
n = 13
|
||||||
// only key
|
|
||||||
if i == len(keys)-1 || i > 11 {
|
|
||||||
break
|
|
||||||
}
|
}
|
||||||
new_keys = append(new_keys, key)
|
newKeys := make([][]byte, n)
|
||||||
}
|
newKeys[0] = keys[len(keys)-1]
|
||||||
new_keys = append(new_keys, makeKey(keylen))
|
copy(newKeys[1:], keys[0:n-2])
|
||||||
|
newKeys[n-1] = makeKey(keylen)
|
||||||
|
|
||||||
keys = new_keys
|
keys = newKeys
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
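Review bot: The new `Expiration: int32((*interval) + 300)` in the first hunk is passed to memcached unchecked. Memcached treats an expiration above 30 days (2592000 seconds) as an absolute Unix timestamp, so a large enough interval would make the ticket-key item expire immediately rather than after the interval, and the int32 conversion can wrap silently. Assuming `interval` is an integer number of seconds (its declaration is outside the hunk), I would reject out-of-range values right after flag parsing, e.g. `if *interval <= 0 || *interval > 30*24*3600-300 { log.Fatal("interval out of range") }`. The result of `mc.Set` is also discarded here, so now that the item expires, a failed write ends with the keys silently disappearing from memcached; logging the returned error would make that visible. `main` starts and ends outside both hunks.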