From: Ian Jackson
Date: Sat, 11 Jun 2011 14:10:08 +0000 (+0100)
Subject: site setup: Correct logic for DEFAULT_KEY_RENEGOTIATE_GAP
X-Git-Tag: v0.2.0~67
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=commitdiff_plain;h=95021ddf9183b75739cfbf04c19b5ff3f3e23fb3;hp=16f73fa6cc7426276bc4bd0cc8537d08c64cbc83

site setup: Correct logic for DEFAULT_KEY_RENEGOTIATE_GAP

Previously, key_renegotiate_time would be set to key_lifetime - DEFAULT_KEY_RENEGOTIATE_GAP unless that was negative, in which case it would be set to key_lifetime / 2.

This is illogical as it is not monotonic in key_lifetime. Instead we now set it to the larger of those two values.

(This bug has had no effect as the buggy calculation was ignored due to another bug, which will be fixed in a later patch.)

Signed-off-by: Ian Jackson
---
diff --git a/site.c b/site.c index 8a2d69a..835ccc8 100644 --- a/site.c +++ b/site.c @@ -1238,7 +1238,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, st->key_lifetime=dict_read_number( dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME); - if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP) + if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2) st->key_renegotiate_time=st->key_lifetime/2; else st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
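Review bot: The new test `st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2` does select the larger of key_lifetime/2 and key_lifetime - DEFAULT_KEY_RENEGOTIATE_GAP as the message intends, because key_lifetime - GAP >= key_lifetime/2 exactly when key_lifetime >= 2*GAP, and at the boundary (key_lifetime equal to 2*GAP or 2*GAP-1, assuming integer types as the /2 suggests) both branches produce the same value; but that equivalence is not visible from the three lines of the hunk, so please either add a one-line comment above the `if` stating that key_renegotiate_time is the maximum of those two expressions, or write it as an explicit maximum of `st->key_lifetime/2` and `st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP` so the monotonicity property this commit restores is not lost by a later edit to the threshold. Since the message says the computed value is currently discarded by a separate bug, it would also help to name in the message where that happens so the follow-up fix can be cross-referenced.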