From cce0051f2732852823594157cf82ade6528704df Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 12 Jun 2011 19:13:38 +0100 Subject: [PATCH] site setup: actually use calculated default for st->key_renegotiate_time We go to some trouble to calculate an appropriate default value for st->key_renegotiate_time. However, when we actually do the config file lookup we overwrote the result and used st->key_lifetime as the default instead, which is wrong. The upshot is that prior to this patch, DEFAULT_KEY_RENEGOTIATE_GAP and the associated logic was unused, and keys were only renegotiated at the point where they expired, which would produce a small gap in connectivity. Signed-off-by: Ian Jackson --- site.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site.c b/site.c index b780815..567b85f 100644 --- a/site.c +++ b/site.c @@ -1250,7 +1250,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, else st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP; st->key_renegotiate_time=dict_read_number( - dict,"renegotiate-time",False,"site",loc,st->key_lifetime); + dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time); if (st->key_renegotiate_time > st->key_lifetime) { cfgfatal(loc,"site", "renegotiate-time must be less than key-lifetime\n"); -- 2.30.2
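Review bot: The sanity check in the trailing context of this hunk, `if (st->key_renegotiate_time > st->key_lifetime)`, uses a strict `>` while its error text says "renegotiate-time must be less than key-lifetime". A configured renegotiate-time equal to key-lifetime therefore still passes, and that reproduces the renegotiate-only-at-expiry behaviour and the connectivity gap the commit message sets out to remove. Consider changing the comparison to `>=` (or rewording the message if equality is meant to be allowed). Separately, a one-line comment above the `dict_read_number` call stating that `st->key_renegotiate_time` already holds the calculated default at that point would make it harder for this default argument to be swapped back to `st->key_lifetime` later.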