Session ticket expiration checked on server
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9ae25f5..7de1577 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -288,6 +288,16 @@
return( ret );
}
+#if defined(POLARSSL_HAVE_TIME)
+ /* Check if still valid */
+ if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
+ {
+ SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
+ memset( &session, 0, sizeof( ssl_session ) );
+ return( POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED );
+ }
+#endif
+
/*
* Keep the session ID sent by the client, since we MUST send it back to
* inform him we're accepting the ticket (RFC 5077 section 3.4)
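Review bot: The expiry test `if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )` accepts any ticket whose `session.start` is ahead of the server clock, because the difference is negative and the comparison is false. That can happen after the clock steps backwards, or with skew between servers that share ticket keys, and it extends the ticket's effective lifetime. The `(int)` cast can also narrow a large difference into a small or negative value. I would reject the future-dated case explicitly and compare without narrowing: `time_t now = time( NULL );` followed by `if( now < session.start || now - session.start > (time_t) ssl->ticket_lifetime )`. The enclosing function and the declarations of `session.start` and `ticket_lifetime` are outside the hunk, so the cast should be checked against their real types and `now` declared with the function's other locals.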