site setup: Correct logic for DEFAULT_KEY_RENEGOTIATE_GAP

[secnet.git] / site.c

diff --git a/site.c b/site.c
index 8a2d69ae5b5f713b28ab8099dea4c07b47e9657e..835ccc80065a1e5709f3d7c5b890d859b8975468 100644 (file)
--- a/site.c
+++ b/site.c
@@ -1238,7 +1238,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     st->key_lifetime=dict_read_number(
        dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
-    if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP)
+    if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2)
        st->key_renegotiate_time=st->key_lifetime/2;
     else
        st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;