We go to some trouble to calculate an appropriate default value for
st->key_renegotiate_time. However, when we actually do the config
file lookup we overwrote the result and used st->key_lifetime as the
default instead, which is wrong.

The upshot is that prior to this patch, DEFAULT_KEY_RENEGOTIATE_GAP
and the associated logic was unused, and keys were only renegotiated
at the point where they expired, which would produce a small gap in
connectivity.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
else
st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
st->key_renegotiate_time=dict_read_number(
- dict,"renegotiate-time",False,"site",loc,st->key_lifetime);
+ dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
if (st->key_renegotiate_time > st->key_lifetime) {
cfgfatal(loc,"site",
"renegotiate-time must be less than key-lifetime\n");
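Review bot: The context check `if (st->key_renegotiate_time > st->key_lifetime)` directly after the changed call still accepts a configured renegotiate-time equal to key-lifetime, while the cfgfatal text says it "must be less than key-lifetime". With the two values equal, renegotiation would start only when the key expires, which is the connectivity gap the commit message sets out to remove. Suggest changing the comparison to `>=`, or rewording the message if equality is meant to be allowed. A short comment at the dict_read_number call saying that the default argument is the value computed just above would also help keep the two statements from drifting apart again.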