Treat sessions as expired on the boundary second.

TLS 1.3 clarifies that a ticket lifetime of zero means the session is
unusable. We don't currently pay attention to that field (to be fixed in
later changes) but, in preparation for this, switch the >= to a >.

Change-Id: I0e67a0d97bc8def04914f121e84d3e7a2d640d2c
Reviewed-on: https://boringssl-review.googlesource.com/12102
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2016-11-02 23:24:29 -04:00 committed by Adam Langley
parent 5b7b09cfca
commit 8e816eb7b6
2 changed files with 2 additions and 2 deletions


@ -605,7 +605,7 @@ int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
return 0;
}
return session->timeout >= (long)now.tv_sec - session->time;
return session->timeout > (long)now.tv_sec - session->time;
}
/* ssl_lookup_session looks up |session_id| in the session cache and sets
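Review bot: The strict comparison on the new `return` line carries a contract that nothing in the hunk states: a session whose age equals `timeout` is now expired, and a `timeout` of zero never validates. A comment directly above the return would keep a later edit from quietly restoring `>=`, for example `/* Valid only while the session's age is strictly less than |timeout|; a zero timeout is never valid. */`. The function starts outside the hunk, so the condition behind the preceding `return 0;` is not visible here. If that guard does not already reject a `session->time` later than `now`, the subtraction goes negative and such a session compares as valid, which is worth confirming while this line is being touched.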


@ -2142,7 +2142,7 @@ static bool TestSessionTimeout() {
}
// Advance the clock just behind the timeout.
g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT;
g_current_time.tv_sec += SSL_DEFAULT_SESSION_TIMEOUT - 1;
if (!ExpectSessionReused(client_ctx.get(), server_ctx.get(),
session.get(),