Changes to updated cached server connections at five minute intervals

2025-04-23 09:04:13 +00:00 · 2019-01-03 09:58:02 +00:00 · 2019-01-03 09:58:02 +00:00 · d144e29b48
commit d144e29b48
parent df3eed2452
4 changed files with 37 additions and 1 deletions
--- a/13
+++ b/13
@ -1,3 +1,14 @@
+2019-01-03  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/GSTLS.h:
+	* Source/GSTLS.m:
+	* Source/NSFileHandle.m:
+	Track the age of TLS sessions for server connections and, when
+	accepting an incoming connection, replace the current server
+	connection (if the existing one is more than 5 minutes old) so
+	that cached certificate information will be updated from file
+	(eg if a certificate needs to be updated while a server is running).
+
 2018-12-06  Wolfgang Lux  <wolfgang.lux@gmail.com>

 	* Headers/Foundation/NSObject.h:
@ -6,7 +17,7 @@

 2018-12-05  Richard Frith-Macdonald <rfm@gnu.org>

-	* Headers/Foundartion/NSURLHandle.h:
+	* Headers/Foundation/NSURLHandle.h:
 	* Source/NSURLHandle.m:
 	* Source/GSHTTPURLHandle.m:
 	Expose GNUstep specific methods for old code that depends on them.
--- a/Source/GSTLS.h
+++ b/Source/GSTLS.h
@ -192,6 +192,7 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
  BOOL                                  handshake;
  BOOL                                  setup;
  BOOL                                  debug;
+  NSTimeInterval                        created;
@public
  gnutls_session_t                      session;
 }
@ -212,6 +213,10 @@ typedef ssize_t (*GSTLSIOW)(gnutls_transport_ptr_t, const void *, size_t);
 */
 - (BOOL) active;

+/** Returns the age of this instance (how long since it was created).
+ */
+- (NSTimeInterval) age;
+
 /* Returns the credentials object ofr this session.
 */
 - (GSTLSCredentials*) credentials;
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1421,6 +1421,11 @@ retrieve_callback(gnutls_session_t session,
  return active;
 }

+- (NSTimeInterval) age
+{
+  return [NSDate timeIntervalSinceReferenceDate] - created;
+}
+
 - (GSTLSCredentials*) credentials
 {
  return credentials;
@ -1504,6 +1509,7 @@ retrieve_callback(gnutls_session_t session,
      BOOL      trust;
      BOOL      verify;

+      created = [NSDate timeIntervalSinceReferenceDate];
      opts = [options copy];
      outgoing = isOutgoing ? YES : NO;

--- a/Source/NSFileHandle.m
+++ b/Source/NSFileHandle.m
@ -982,6 +982,20 @@ GSTLSHandlePush(gnutls_transport_ptr_t handle, const void *buffer, size_t len)
  return [super read: buf length: len];
 }

+- (BOOL) sslAccept
+{
+  /* If a server session is over five minutes old, destroy it so that
+   * we create a new one to accept the incoming connection.  This is
+   * needed in case the certificate files associated with a long running
+   * server have been updated and we need to load/use the new certificate.
+   */
+  if (session != nil && [session age] >= 300.0)
+    {
+      DESTROY(session);
+    }
+  return [super sslAccept];
+}
+
 - (void) sslDisconnect
 {
  [self setNonBlocking: NO];