author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-19 14:15:20 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-09-20 13:40:32 +0200 |
commit | 088baae15da080dcbccf7df5c08bbc0ca3ad3237 (patch) | |
tree | 6ca3afa87b6f128c2a0f87d77071549c4d53b71f /lib/ext | |
parent | fe6c0ff7b911ff077d7dcf3434e8c4700f6794a4 (diff) | |
download | gnutls-088baae15da080dcbccf7df5c08bbc0ca3ad3237.tar.gz |
session tickets: check timestamp for validitytmp-session-ticket-key-rotation-ajuaristi
We were previously only relying on the client's view of the
ticket lifetime for TLS1.3 tickets. This makes sure that we
only resume tickets that the server considers valid and consolidates
the expiration time checks to _gnutls_check_resumed_params().
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/ext')
-rw-r--r-- | lib/ext/session_ticket.c | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index 177135e642..3eb63818b9 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -349,7 +349,6 @@ static int
 unpack_session(gnutls_session_t session, const gnutls_datum_t *state)
 {
 int ret;
- time_t timestamp = gnutls_time(0);

 if (unlikely(!state))
 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
@@ -358,13 +357,6 @@ unpack_session(gnutls_session_t session, const gnutls_datum_t *state)
 if (ret < 0)
 return gnutls_assert_val(ret);

- if (timestamp -
- session->internals.resumed_security_parameters.timestamp >
- session->internals.expire_time
- || session->internals.resumed_security_parameters.timestamp >
- timestamp)
- return gnutls_assert_val(GNUTLS_E_EXPIRED);
-
 ret = _gnutls_check_resumed_params(session);
 if (ret < 0)
 return gnutls_assert_val(ret); |