tlsticketupdate.go: Add expiry time, some refactoring

This commit is contained in:
Tatsuhiro Tsujikawa 2015-07-29 21:14:43 +09:00
parent 6446660113
commit 0ed8ed3f8d
1 changed files with 12 additions and 13 deletions

View File

@ -86,6 +86,7 @@ func main() {
mc.Set(&memcache.Item{ mc.Set(&memcache.Item{
Key: "nghttpx:tls-ticket-key", Key: "nghttpx:tls-ticket-key",
Value: buf.Bytes(), Value: buf.Bytes(),
Expiration: int32((*interval) + 300),
}) })
select { select {
@ -96,19 +97,17 @@ func main() {
// generate new key and append it to the last, so that // generate new key and append it to the last, so that
// we can at least decrypt TLS ticket encrypted by new // we can at least decrypt TLS ticket encrypted by new
// key on the host which does not get new key yet. // key on the host which does not get new key yet.
new_keys := [][]byte{} // keep at most past 11 keys as decryption only key
new_keys = append(new_keys, keys[len(keys)-1]) n := len(keys) + 1
for i, key := range keys { if n > 13 {
// keep at most past 11 keys as decryption n = 13
// only key
if i == len(keys)-1 || i > 11 {
break
} }
new_keys = append(new_keys, key) newKeys := make([][]byte, n)
} newKeys[0] = keys[len(keys)-1]
new_keys = append(new_keys, makeKey(keylen)) copy(newKeys[1:], keys[0:n-2])
newKeys[n-1] = makeKey(keylen)
keys = new_keys keys = newKeys
} }
} }