From 71d6ded93deb4d1edc464874b5359ece0ef857d2 Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Sun, 20 Apr 2014 12:48:19 +0000
Subject: Chop off more SSLv2 tentacles and start fixing and noting y2038 issues. APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
---
 src/lib/libssl/ssl_sess.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/lib/libssl/ssl_sess.c')
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index c67ae1c22f..c032154d48 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -205,7 +205,7 @@ SSL_SESSION_new(void)
 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 ss->references = 1;
 ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time = (unsigned long)time(NULL);
+ ss->time = time(NULL);
 ss->prev = NULL;
 ss->next = NULL;
 ss->compress_meth = 0;
@@ -555,7 +555,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 goto err;
 }
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
+ if (ret->timeout < (time(NULL) - ret->time)) /* timeout */
 {
 s->session_ctx->stats.sess_timeout++;
 if (try_session_cache) {
@@ -699,7 +699,6 @@ SSL_SESSION_free(SSL_SESSION *ss)
 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
 OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
 OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
 if (ss->sess_cert != NULL)
@@ -807,6 +806,7 @@ SSL_SESSION_get_timeout(const SSL_SESSION *s)
 return (s->timeout);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_get_time(const SSL_SESSION *s)
 {
@@ -815,6 +815,7 @@ SSL_SESSION_get_time(const SSL_SESSION *s)
 return (s->time);
 }
+/* XXX 2038 */
 long
 SSL_SESSION_set_time(SSL_SESSION *s, long t)
 {
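Review bot: With the `(long)` cast removed, the expiry test `ret->timeout < (time(NULL) - ret->time)` in ssl_get_prev_session now behaves according to the declared type of the session's `time` field, which is not part of this file's diff. If that field is a signed time_t, a session whose stored time is ahead of the clock (clock stepped back, or a value supplied through SSL_SESSION_set_time) gives a negative difference and is not treated as expired here; if it is still unsigned, the subtraction wraps and `ret->timeout` is converted to unsigned for the comparison. This test bounds how long a cached session may be resumed, so I would state the intent explicitly: `time_t now = time(NULL);` followed by `if (now < ret->time || ret->timeout < now - ret->time) /* timeout */`. The assignment `ss->time = time(NULL);` in SSL_SESSION_new depends on the same field type, and both functions continue outside their hunks.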
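Review bot: The `/* XXX 2038 */` markers added above SSL_SESSION_get_time and SSL_SESSION_set_time, and above SSL_CTX_flush_sessions in the last hunk, name a year but not what has to change. I would spell the problem out per function, for example `/* XXX 2038: returns s->time through a long, truncated where long is 32 bits */` on the getter and `/* XXX 2038: takes the time as a long; needs a time_t-based replacement */` on the setter and on SSL_CTX_flush_sessions. The wording is inferred from the commit message's remark about APIs that pass times as longs; the bodies of these functions lie mostly outside the hunks.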
@@ -926,7 +927,7 @@ typedef struct timeout_param_st {
 static void
 timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) /* timeout */
 {
 /* The reason we don't call SSL_CTX_remove_session() is to
 * save on locking overhead */
@@ -942,6 +943,7 @@ timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
 static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
+/* XXX 2038 */
 void
 SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 {
-- 
cgit v1.2.3-55-g6feb