Test that servers enforce session timeouts.
Extend the DTLS mock clock to apply to sessions too and test that
resumption behaves as expected.
Change-Id: Ib8fdec91b36e11cfa032872b63cf589f93b3da13
Reviewed-on: https://boringssl-review.googlesource.com/9110
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index 3bd52e0..0388661 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -170,7 +170,7 @@
session->verify_result = X509_V_ERR_INVALID_CALL;
session->references = 1;
session->timeout = SSL_DEFAULT_SESSION_TIMEOUT;
- session->time = (unsigned long)time(NULL);
+ session->time = (long)time(NULL);
CRYPTO_new_ex_data(&session->ex_data);
return session;
}
@@ -419,6 +419,11 @@
return 0;
}
+ /* Fill in the time from the |SSL_CTX|'s clock. */
+ struct timeval now;
+ ssl_get_current_time(ssl, &now);
+ session->time = now.tv_sec;
+
/* If the context has a default timeout, use it over the default. */
if (ssl->initial_ctx->session_timeout != 0) {
session->timeout = ssl->initial_ctx->session_timeout;
@@ -678,7 +683,9 @@
return ssl_session_error;
}
- if (session->timeout < (long)(time(NULL) - session->time)) {
+ struct timeval now;
+ ssl_get_current_time(ssl, &now);
+ if (session->timeout < (long)now.tv_sec - session->time) {
if (from_cache) {
/* The session was from the cache, so remove it. */
SSL_CTX_remove_session(ssl->initial_ctx, session);
