Session ticket expiration checked on server

commit: 606b4ba20f0d95d4fd3d0965601b3aaa380c744d [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Wed Aug 14 16:52:14 2013 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Thu Aug 15 11:42:48 2013 +0200
tree: bfe4c37886f459730c94ccbd5cfe616c57fcfad6
parent: f0e39acb58990d7fe659770674261cd6829bdc02 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9ae25f5..7de1577 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -288,6 +288,16 @@
         return( ret );
     }
 
+#if defined(POLARSSL_HAVE_TIME)
+    /* Check if still valid */
+    if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
+    {
+        SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
+        memset( &session, 0, sizeof( ssl_session ) );
+        return( POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED );
+    }
+#endif
+
     /*
      * Keep the session ID sent by the client, since we MUST send it back to
      * inform him we're accepting the ticket  (RFC 5077 section 3.4)
commit	606b4ba20f0d95d4fd3d0965601b3aaa380c744d	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Wed Aug 14 16:52:14 2013 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Thu Aug 15 11:42:48 2013 +0200
tree	bfe4c37886f459730c94ccbd5cfe616c57fcfad6
parent	f0e39acb58990d7fe659770674261cd6829bdc02 [diff] [blame]