site setup: actually use calculated default for st->key_renegotiate_time
author: Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 12 Jun 2011 18:13:38 +0000 (19:13 +0100)
committer: Ian Jackson <ijackson@chiark.greenend.org.uk>
Sun, 26 Jun 2011 11:07:27 +0000 (12:07 +0100)
We go to some trouble to calculate an appropriate default value for
st->key_renegotiate_time.  However, when we actually do the config
file lookup we overwrote the result and used st->key_lifetime as the
default instead, which is wrong.

The upshot is that prior to this patch, DEFAULT_KEY_RENEGOTIATE_GAP
and the associated logic was unused, and keys were only renegotiated
at the point where they expired, which would produce a small gap in
connectivity.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
site.c

diff --git a/site.c b/site.c
index b780815..567b85f 100644 (file)
--- a/site.c
+++ b/site.c
@@ -1250,7 +1250,7 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
     else
        st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
     st->key_renegotiate_time=dict_read_number(
-       dict,"renegotiate-time",False,"site",loc,st->key_lifetime);
+       dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
     if (st->key_renegotiate_time > st->key_lifetime) {
        cfgfatal(loc,"site",
                 "renegotiate-time must be less than key-lifetime\n");
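Review bot: the context check right after the changed call, `if (st->key_renegotiate_time > st->key_lifetime)`, accepts a renegotiate-time equal to key-lifetime, although the error text says it "must be less than key-lifetime". With equality, an explicitly configured value still renegotiates only at expiry, which is the connectivity gap the commit message describes for the old default. Consider `>=` in that test, or reword the message if equality is meant to be allowed. Separately, in the `dict_read_number(` call the field st->key_renegotiate_time is both the default argument and the assignment target, which is easy to misread; holding the computed default in a local variable and passing that would make the intent explicit.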