tlsticketupdate.go: Add expiry time, some refactoring

Tatsuhiro Tsujikawa 2015-07-29 21:14:43 +09:00
parent 6446660113
commit 0ed8ed3f8d
1 changed files with 12 additions and 13 deletions


@ -84,8 +84,9 @@ func main() {
} }
mc.Set(&memcache.Item{ mc.Set(&memcache.Item{
Key: "nghttpx:tls-ticket-key", Key: "nghttpx:tls-ticket-key",
Value: buf.Bytes(), Value: buf.Bytes(),
Expiration: int32((*interval) + 300),
}) })
select { select {
@ -96,19 +97,17 @@ func main() {
// generate new key and append it to the last, so that // generate new key and append it to the last, so that
// we can at least decrypt TLS ticket encrypted by new // we can at least decrypt TLS ticket encrypted by new
// key on the host which does not get new key yet. // key on the host which does not get new key yet.
new_keys := [][]byte{} // keep at most past 11 keys as decryption only key
new_keys = append(new_keys, keys[len(keys)-1]) n := len(keys) + 1
for i, key := range keys { if n > 13 {
// keep at most past 11 keys as decryption n = 13
// only key
if i == len(keys)-1 || i > 11 {
break
}
new_keys = append(new_keys, key)
} }
new_keys = append(new_keys, makeKey(keylen)) newKeys := make([][]byte, n)
newKeys[0] = keys[len(keys)-1]
copy(newKeys[1:], keys[0:n-2])
newKeys[n-1] = makeKey(keylen)
keys = new_keys keys = newKeys
} }
} }
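Review bot: The return value of `mc.Set(&memcache.Item{...})` in the first hunk is still discarded, and the new `Expiration` field makes that riskier. Before, a failed write left the previous item in memcached indefinitely; now that item lapses `*interval + 300` seconds after the last successful write, so one missed update can leave the shared ticket keys absent with nothing logged. Checking the result, for example `if err := mc.Set(...); err != nil { log.Printf("tls ticket key update failed: %v", err) }`, would surface a missed rotation before the stored keys expire. Separately, `int32((*interval) + 300)` is unbounded, and memcached treats expiration values above 30 days as absolute Unix timestamps, so a very large interval would expire the item immediately; a range check where the flag is parsed (outside the hunk, presumably in seconds) would cover that. `main` begins and ends outside the shown hunks.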