diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2021-03-17 06:11:00 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2021-03-26 07:33:42 -0400 |
commit | d50d4dc0e557d582a0da4f3116ef1c4ab7a0bd78 (patch) | |
tree | a95ce2aa75f47e8129f479933cab8a683c6cd32f /src/mod_gnutls.c | |
parent | dde9df431088697b0a29b71b1f4b68023118468f (diff) | |
download | lighttpd-git-d50d4dc0e557d582a0da4f3116ef1c4ab7a0bd78.tar.gz |
[TLS] init STEK even if time is 1970 (fixes #3075)
(thx DamienT)
x-ref:
"TLS 1.3 with SessionTicket fail for the first 8 hours of 1970"
https://redmine.lighttpd.net/issues/3075
Diffstat (limited to 'src/mod_gnutls.c')
-rw-r--r-- | src/mod_gnutls.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c index 480ce739..68189575 100644 --- a/src/mod_gnutls.c +++ b/src/mod_gnutls.c @@ -407,7 +407,8 @@ mod_gnutls_session_ticket_key_check (server *srv, const plugin_data *p, const ti if (stek->expire_ts < cur_ts) mod_gnutls_session_ticket_key_free(); } - else if (cur_ts - 86400 >= stek_rotate_ts) { /*(24 hours)*/ + else if (cur_ts - 86400 >= stek_rotate_ts /*(24 hours)*/ + || 0 == stek_rotate_ts) { mod_gnutls_session_ticket_key_rotate(srv); stek_rotate_ts = cur_ts; } |