TLS sessions expire the at cookie timeout.

src/main-resume.c

@@ -178,7 +178,7 @@ void expire_tls_sessions(main_server_st * s)
 
 		exp = gnutls_db_check_entry_time(&d);
 
-		if (now - exp > TLS_SESSION_EXPIRATION_TIME) {
+		if (now - exp > TLS_SESSION_EXPIRATION_TIME(s->config)) {
 			cache->session_id_size = 0;
 
 			htable_delval(s->tls_db.ht, &iter);

src/tlslib.h

@@ -113,7 +113,7 @@ typedef struct
   unsigned int session_data_size;
 } tls_cache_st;
 
-#define TLS_SESSION_EXPIRATION_TIME 600
+#define TLS_SESSION_EXPIRATION_TIME(config) ((config)->cookie_timeout)
 #define DEFAULT_MAX_CACHED_TLS_SESSIONS 64
 
 void tls_cache_init(void *pool, tls_sess_db_st* db);

src/worker-vpn.c

@@ -713,7 +713,7 @@ void vpn_server(struct worker_st *ws)
 	set_resume_db_funcs(session);
 	gnutls_session_set_ptr(session, ws);
 	gnutls_db_set_ptr(session, ws);
-	gnutls_db_set_cache_expiration(session, TLS_SESSION_EXPIRATION_TIME);
+	gnutls_db_set_cache_expiration(session, TLS_SESSION_EXPIRATION_TIME(ws->config));
 
 	gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
 	do {