
[TLS] reset stek_rotate_ts if clock moves backward

reset stek_rotate_ts if the clock moves backward by more than 28800 seconds

x-ref:
  "Lighttpd 1.4.58 SSL connections stop working if system time of lighttpd server is changed to future one (+12h or even days)"
  https://redmine.lighttpd.net/issues/3080
master
Glenn Strauss 6 months ago
parent
commit
66626315ba
  1. 5
      src/mod_gnutls.c
  2. 5
      src/mod_openssl.c
  3. 5
      src/mod_wolfssl.c

5
src/mod_gnutls.c

@ -371,6 +371,11 @@ mod_gnutls_session_ticket_key_file (const char *fn)
static void
mod_gnutls_session_ticket_key_check (server *srv, const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
if (p->ssl_stek_file) {
struct stat st;
if (0 == stat(p->ssl_stek_file, &st) && st.st_mtime > stek_rotate_ts
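Review bot: The threshold `28800` in the added check is an unexplained literal, and the same five lines are pasted into mod_openssl.c and mod_wolfssl.c, so the three copies can drift apart. A comment above the check would help, e.g. `/* clock stepped back by more than 28800s (8h): force STEK rotation/reload so ticket keys are not kept past their intended lifetime */`, and the value would be better as one shared named constant. The comment should also say what happens for smaller backward steps: as written, a step of 28800 seconds or less leaves `stek_rotate_ts` untouched, which presumably delays the next rotation by up to that amount and keeps the current ticket key in use longer. The function body continues past the end of the hunk.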

5
src/mod_openssl.c

@ -440,6 +440,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
static void
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
int rotate = 0;
if (p->ssl_stek_file) {
struct stat st;
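Review bot: The reset `stek_rotate_ts = 0;` happens silently; nothing in the visible lines records that the clock was seen to step backward by more than eight hours. That is an unusual event on a TLS server and it appears to change when session ticket keys are rotated, so an operator investigating failed session resumption or suspected clock tampering has no trace of it. Consider writing one line to the server's error log at that point with the previous and current timestamps; this variant takes no `server *` argument (unlike the mod_gnutls.c one), so a log handle would have to be passed in or obtained some other way. The same applies to mod_gnutls.c and mod_wolfssl.c, and the function body continues past the hunk.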

5
src/mod_wolfssl.c

@ -425,6 +425,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
static void
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
int rotate = 0;
if (p->ssl_stek_file) {
struct stat st;
