diff options
author | Manuel Pégourié-Gonnard <mpg@elzevir.fr> | 2024-02-21 09:38:46 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-21 09:38:46 +0000 |
commit | 0ecb5fd6f530ff3d963106c982683168a50a043e (patch) | |
tree | c990b0fc33aefd04c350b71d10ede803c1e01433 /programs | |
parent | fc3f980f0f95c9678c53c31d2e6c59f49101180c (diff) | |
parent | a93e25e7499eb672a71f409ab124d753a24b3a32 (diff) | |
download | mbedtls-0ecb5fd6f530ff3d963106c982683168a50a043e.zip mbedtls-0ecb5fd6f530ff3d963106c982683168a50a043e.tar.gz mbedtls-0ecb5fd6f530ff3d963106c982683168a50a043e.tar.bz2 |
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
Diffstat (limited to 'programs')
-rw-r--r-- | programs/ssl/ssl_server2.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 48b2282..abf33de 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1420,7 +1420,6 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_INVALID_MAC; case 2: return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: /* Creation time in the future. */ session->ticket_creation_time = mbedtls_ms_time() + 1000; @@ -1430,6 +1429,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, session->ticket_creation_time = mbedtls_ms_time() - (7 * 24 * 3600 * 1000 + 1000); break; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 5: /* Ticket is valid, but client age is below the lower bound of the tolerance window. */ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; |