Add quic_tls_config_set_session_timeout() and change default session …

…timeout (#386)
Tencent · Sep 26, 2024 · 765d16e · 765d16e
1 parent 249bf48
commit 765d16e
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 0 deletions.
diff --git a/include/tquic.h b/include/tquic.h
@@ -799,6 +799,11 @@ void quic_tls_config_free(struct quic_tls_config_t *tls_config);
  */
 void quic_tls_config_set_early_data_enabled(struct quic_tls_config_t *tls_config, bool enable);
 
+/**
+ * Set the session lifetime in seconds
+ */
+void quic_tls_config_set_session_timeout(struct quic_tls_config_t *tls_config, uint32_t timeout);
+
 /**
  * Set the list of supported application protocols.
  * The `protos` is a pointer that points to an array, where each element of the array is a string

diff --git a/src/ffi.rs b/src/ffi.rs
@@ -657,6 +657,12 @@ pub extern "C" fn quic_tls_config_set_early_data_enabled(tls_config: &mut TlsCon
     tls_config.set_early_data_enabled(enable)
 }
 
+/// Set the session lifetime in seconds
+#[no_mangle]
+pub extern "C" fn quic_tls_config_set_session_timeout(tls_config: &mut TlsConfig, timeout: u32) {
+    tls_config.set_session_timeout(timeout)
+}
+
 /// Set the list of supported application protocols.
 /// The `protos` is a pointer that points to an array, where each element of the array is a string
 /// pointer representing an application protocol identifier. For example, you can define it as

diff --git a/src/tls/boringssl/tls.rs b/src/tls/boringssl/tls.rs
@@ -414,6 +414,13 @@ impl Context {
             SSL_CTX_set_early_data_enabled(self.as_mut_ptr(), enabled);
         }
     }
+
+    /// Set the lifetime, in seconds, of TLS 1.3 sessions created in ctx to timeout.
+    pub fn set_session_psk_dhe_timeout(&mut self, timeout: u32) {
+        unsafe {
+            SSL_CTX_set_session_psk_dhe_timeout(self.as_mut_ptr(), timeout);
+        }
+    }
 }
 
 fn get_ctx_data_from_ptr<'a, T>(ptr: *mut SslCtx, idx: c_int) -> Option<&'a mut T> {
@@ -1345,6 +1352,9 @@ extern "C" {
     /// Set whether early data is allowed.
     fn SSL_CTX_set_early_data_enabled(ctx: *mut SslCtx, enabled: i32);
 
+    /// Set the lifetime, in seconds, of TLS 1.3 sessions created in ctx to timeout.
+    fn SSL_CTX_set_session_psk_dhe_timeout(ctx: *mut SslCtx, timeout: u32);
+
     /// Set the session cache mode.
     fn SSL_CTX_set_session_cache_mode(ctx: *mut SslCtx, mode: c_int) -> c_int;
 

diff --git a/src/tls/tls.rs b/src/tls/tls.rs
@@ -124,6 +124,9 @@ impl TlsConfig {
         tls_config.set_private_key_file(key_file)?;
         tls_config.set_application_protos(application_protos)?;
         tls_config.set_early_data_enabled(enable_early_data);
+        // TLS 1.3 sets a limit of seven days on the time between the original
+        // connection and any attempt to use 0-RTT.
+        tls_config.set_session_timeout(7 * 24 * 60 * 60);
 
         Ok(tls_config)
     }
@@ -133,6 +136,11 @@ impl TlsConfig {
         self.tls_ctx.set_early_data_enabled(enable_early_data)
     }
 
+    /// Set the session lifetime in seconds
+    pub fn set_session_timeout(&mut self, timeout: u32) {
+        self.tls_ctx.set_session_psk_dhe_timeout(timeout)
+    }
+
     /// Set the list of supported application protocols.
     pub fn set_application_protos(&mut self, application_protos: Vec<Vec<u8>>) -> Result<()> {
         self.tls_ctx.set_alpn(application_protos)