[TLS] reset stek_rotate_ts if clock moves backward

reset stek_rotate_ts if clock moves backwards > 28800 seconds

x-ref:
  "Lighttpd 1.4.58 SSL connections stop working if system time of lighttpd server is changed to future one (+12h or even days)"
  https://redmine.lighttpd.net/issues/3080
Glenn Strauss 2021-05-25 08:17:51 -04:00
parent f8bd028dc0
commit 66626315ba
3 changed files with 15 additions and 0 deletions


@ -371,6 +371,11 @@ mod_gnutls_session_ticket_key_file (const char *fn)
static void
mod_gnutls_session_ticket_key_check (server *srv, const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
if (p->ssl_stek_file) {
struct stat st;
if (0 == stat(p->ssl_stek_file, &st) && st.st_mtime > stek_rotate_ts
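Review bot: The retrograde-clock guard added at the top of mod_gnutls_session_ticket_key_check leaves `28800` as an unexplained magic number, and the same four lines are repeated verbatim in the two mod_openssl_session_ticket_key_check hunks below. A why-comment above the `if` would let a maintainer see the intent without chasing the issue link, e.g. `/* clock moved back by more than 8h (28800s): reset stek_rotate_ts so the st.st_mtime > stek_rotate_ts test below re-reads the configured key file */`, and the threshold is better expressed as one named constant shared by the three modules than as three literals that can drift apart. Whether 28800 is meant to match the ticket key rotation interval is not visible in this hunk; if it is, the comment or the constant's name should say so. The body of the function continues past the end of the hunk.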


@ -440,6 +440,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
static void
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
int rotate = 0;
if (p->ssl_stek_file) {
struct stat st;


@ -425,6 +425,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
static void
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
{
static time_t detect_retrograde_ts;
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
stek_rotate_ts = 0;
detect_retrograde_ts = cur_ts;
int rotate = 0;
if (p->ssl_stek_file) {
struct stat st;