Skip to content

[WIP] tls: add server.sessionTimeout getter and setter. #34006

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[WIP] tls: add server.sessionTimeout getter and setter. #34006

wants to merge 1 commit into from

Conversation

mkrawczuk
Copy link
Contributor

This change enables dynamical change of tls.Server's session timeout. It is a follow-up to #33974.

I would like to ask for help and suggestions on writing appropriate tests for these methods. At first I wanted to count new and resumed sessions from the event callbacks, but it turned out they are not called when the client is using the session ticket feature.

@mkrawczuk
[WIP] tls: add server.sessionTimeout getter and setter.
ec4c5a9 
This change enables dynamical change of tls.Server's session timeout.

TODO:
* finish tests
* add doc
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. labels Jun 21, 2020
@mkrawczuk mkrawczuk marked this pull request as draft June 21, 2020 21:48
bnoordhuis
bnoordhuis reviewed Jun 23, 2020
View reviewed changes
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd be okay with a test that tests types/ranges and verifies that setting the value is reflected by the getter.

Testing whether the session actually expires would be nice but I can see how it'd be complicated and not very reliable / timing sensitive.

src/node_crypto.cc
Comment on lines +1384 to +1385
long sessionTimeout = SSL_CTX_get_timeout(sc->ctx_.get());
args.GetReturnValue().Set(static_cast<uint32_t>(sessionTimeout));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recognize the same style issue exists in SetSessionTimeout() but...

Suggested change
long sessionTimeout = SSL_CTX_get_timeout(sc->ctx_.get());
args.GetReturnValue().Set(static_cast<uint32_t>(sessionTimeout));
long session_timeout = SSL_CTX_get_timeout(sc->ctx_.get());
args.GetReturnValue().Set(static_cast<uint32_t>(session_timeout));

(and I'm going to guess the first line needs a // NOLINT(runtime/int) to shut up cpplint)

test/parallel/test-tls-session-timeout.js
Comment on lines +1 to +21
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

(not necessary in new test files)

@mkrawczuk mkrawczuk closed this Dec 16, 2020
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@bnoordhuis bnoordhuis bnoordhuis left review comments

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mkrawczuk @bnoordhuis @nodejs-github-bot