### Changes between 3.2 and 3.3 [xx XXX xxxx]
+ * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
+ using time_t which is Y2038 safe on 32 bit systems when 64 bit time
+ is enabled (e.g via setting glibc macro _TIME_BITS=64).
+
+ *Ijtaba Hussain*
+
* The EVP_PKEY_fromdata function has been augmented to allow for the derivation
of CRT (Chinese Remainder Theorem) parameters when requested. See the
OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ param in the EVP_PKEY-RSA documentation.
=head1 NAME
SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout,
-SSL_SESSION_set_timeout,
+SSL_SESSION_set_timeout, SSL_SESSION_get_time_ex, SSL_SESSION_set_time_ex,
SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout
- retrieve and manipulate session time and timeout settings
long SSL_get_timeout(const SSL_SESSION *s);
long SSL_set_timeout(SSL_SESSION *s, long tm);
+ time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s);
+ time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t tm);
+
=head1 DESCRIPTION
SSL_SESSION_get_time() returns the time at which the session B<s> was
SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
to B<tm>.
+SSL_SESSION_get_time_ex() and SSL_SESSION_set_time_ex() extended functions use
+the time_t datatype instead of long to fix the Y2038 problem on systems with
+64 bit time_t type.
+
The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
functions are synonyms for the SSL_SESSION_*() counterparts.
If any of the function is passed the NULL pointer for the session B<s>,
0 is returned.
+=head1 BUGS
+
+The data type long is typically 32 bits on many systems, hence the old
+functions SSL_SESSION_get_time() and SSL_SESSION_set_time() are not always
+Y2038 safe.
+
=head1 SEE ALSO
L<ssl(7)>,
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+__owur time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s);
+__owur time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t);
+
__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
}
long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+ return (long) SSL_SESSION_get_time_ex(s);
+}
+
+time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
{
if (s == NULL)
return 0;
- return (long)ossl_time_to_time_t(s->time);
+ return ossl_time_to_time_t(s->time);
}
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t t)
{
- OSSL_TIME new_time = ossl_time_from_time_t((time_t)t);
+ OSSL_TIME new_time = ossl_time_from_time_t(t);
if (s == NULL)
return 0;
return t;
}
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+ return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
+}
+
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
{
return s->ssl_version;
return 1;
artificial_ticket_time--;
- if (SSL_SESSION_set_time(sess, SSL_SESSION_get_time(sess) - 10) == 0)
+ if (SSL_SESSION_set_time_ex(sess, SSL_SESSION_get_time_ex(sess) - 10) == 0)
return 0;
return 1;
* gave it on the server side
*/
if (artificial
- && !TEST_long_gt(SSL_SESSION_set_time(*sess,
- SSL_SESSION_get_time(*sess) - 10), 0))
+ && !TEST_time_t_gt(SSL_SESSION_set_time_ex(*sess,
+ SSL_SESSION_get_time_ex(*sess) - 10), 0))
return 0;
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
SSL_get_value_uint ? 3_3_0 EXIST::FUNCTION:
SSL_set_value_uint ? 3_3_0 EXIST::FUNCTION:
SSL_poll ? 3_3_0 EXIST::FUNCTION:
+SSL_SESSION_get_time_ex ? 3_3_0 EXIST::FUNCTION:
+SSL_SESSION_set_time_ex ? 3_3_0 EXIST::FUNCTION: