Test that servers enforce session timeouts.
Extend the DTLS mock clock to apply to sessions too and test that
resumption behaves as expected.
Change-Id: Ib8fdec91b36e11cfa032872b63cf589f93b3da13
Reviewed-on: https://boringssl-review.googlesource.com/9110
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a9df4e8..64fca64 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -155,6 +155,13 @@
#include "internal.h"
#include "../crypto/internal.h"
+#if defined(OPENSSL_WINDOWS)
+#include <sys/timeb.h>
+#else
+#include <sys/socket.h>
+#include <sys/time.h>
+#endif
+
/* |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it
* to avoid downstream churn. */
@@ -2102,7 +2109,9 @@
CRYPTO_MUTEX_unlock_write(&ctx->lock);
if (flush_cache) {
- SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL));
+ struct timeval now;
+ ssl_get_current_time(ssl, &now);
+ SSL_CTX_flush_sessions(ctx, (long)now.tv_sec);
}
}
}
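Review bot: The cast in `SSL_CTX_flush_sessions(ctx, (long)now.tv_sec);` narrows the timestamp on any target where `long` is 32 bits and `tv_sec` is wider. The Windows branch of ssl_get_current_time in the last hunk narrows implicitly in the same way at `out_clock->tv_sec = time.time;`, since Windows `struct timeval` has `long` fields while `_timeb.time` is a `time_t`. This value now decides which cached sessions are flushed, so a truncated or negative time would presumably change expiry behaviour silently rather than fail visibly. I would record the assumption at both places, e.g. `/* NOTE: truncates where |long| is 32 bits; session expiry depends on this value. */`, or carry the seconds in a 64-bit type. The enclosing function starts outside the hunk, so the origin of `ssl` and `flush_cache` cannot be checked from here.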
@@ -3005,3 +3014,19 @@
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return SSL_set1_curves(ssl, &nid, 1);
}
+
+void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock) {
+ if (ssl->ctx->current_time_cb != NULL) {
+ ssl->ctx->current_time_cb(ssl, out_clock);
+ return;
+ }
+
+#if defined(OPENSSL_WINDOWS)
+ struct _timeb time;
+ _ftime(&time);
+ out_clock->tv_sec = time.time;
+ out_clock->tv_usec = time.millitm * 1000;
+#else
+ gettimeofday(out_clock, NULL);
+#endif
+}
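Review bot: ssl_get_current_time has no comment stating its contract in this file, and the contract matters now that the commit uses it as the clock for session expiry. The callback branch returns without any guarantee that `current_time_cb` filled both fields of `out_clock`, and the caller in the flush hunk passes an uninitialised `struct timeval now;`. The fallback branch ignores the return value of `gettimeofday` and reads the adjustable wall clock, so a backwards clock step would presumably keep cached sessions resumable past their timeout. Unless internal.h already documents this, I would add above the definition `/* ssl_get_current_time sets |*out_clock| to the current time: from |current_time_cb| if set (it must fill both fields), else from the wall clock, which is not monotonic. */`.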