[TLS] reset stek_rotate_ts if clock moves backward
Reset stek_rotate_ts if the clock moves backwards by more than 28800 seconds.
x-ref: "Lighttpd 1.4.58 SSL connections stop working if system time of lighttpd server is changed to future one (+12h or even days)" https://redmine.lighttpd.net/issues/3080
parent
f8bd028dc0
commit
66626315ba
|
@ -371,6 +371,11 @@ mod_gnutls_session_ticket_key_file (const char *fn)
|
|||
static void
|
||||
mod_gnutls_session_ticket_key_check (server *srv, const plugin_data *p, const time_t cur_ts)
|
||||
{
|
||||
static time_t detect_retrograde_ts;
|
||||
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
|
||||
stek_rotate_ts = 0;
|
||||
detect_retrograde_ts = cur_ts;
|
||||
|
||||
if (p->ssl_stek_file) {
|
||||
struct stat st;
|
||||
if (0 == stat(p->ssl_stek_file, &st) && st.st_mtime > stek_rotate_ts
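Review bot: The literal `28800` in the new retrograde check is unexplained, and it is repeated verbatim in the two mod_openssl_session_ticket_key_check sections further down this page. It presumably mirrors the session ticket key rotation interval (eight hours), which is not visible in these hunks; if so, both uses should come from one named constant so the detection window cannot drift from the rotation period. I would also add a comment above the check, for example `/* clock stepped back > 8h: reset stek_rotate_ts so a timestamp now in the future cannot block STEK rotation */`. The function body continues outside the hunk.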
|
||||
|
|
|
@ -440,6 +440,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
|
|||
static void
|
||||
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
|
||||
{
|
||||
static time_t detect_retrograde_ts;
|
||||
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
|
||||
stek_rotate_ts = 0;
|
||||
detect_retrograde_ts = cur_ts;
|
||||
|
||||
int rotate = 0;
|
||||
if (p->ssl_stek_file) {
|
||||
struct stat st;
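Review bot: A backward clock step of 28800 seconds or less passes the new check untouched, so `stek_rotate_ts` can stay ahead of `cur_ts` by up to eight hours. If the rotation test later in this function compares `cur_ts` against `stek_rotate_ts` (it lies outside the hunk), the active ticket key would remain in service that much longer than intended, which stretches the window in which one key protects resumed sessions. That trade-off should be stated next to the check, for example `/* steps back of <= 8h are tolerated; rotation may be delayed by at most the size of the step */`. The same applies to the mod_gnutls section above and the second mod_openssl_session_ticket_key_check section below.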
|
||||
|
|
|
@ -425,6 +425,11 @@ mod_openssl_session_ticket_key_file (const char *fn)
|
|||
static void
|
||||
mod_openssl_session_ticket_key_check (const plugin_data *p, const time_t cur_ts)
|
||||
{
|
||||
static time_t detect_retrograde_ts;
|
||||
if (detect_retrograde_ts > cur_ts && detect_retrograde_ts - cur_ts > 28800)
|
||||
stek_rotate_ts = 0;
|
||||
detect_retrograde_ts = cur_ts;
|
||||
|
||||
int rotate = 0;
|
||||
if (p->ssl_stek_file) {
|
||||
struct stat st;
|
||||
|
|