When SCT processing is enabled, OCSP stapling will be enabled. This is because
one possible source of SCTs is the OCSP response from a server.
-The time returned by SSL_SESSION_get_time() will be used to evaluate whether any
+The time returned by SSL_SESSION_get_time_ex() will be used to evaluate whether any
presented SCTs have timestamps that are in the future (and therefore invalid).
=head1 RESTRICTIONS
#include <openssl/ssl.h>
- long SSL_SESSION_get_time(const SSL_SESSION *s);
- long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
- long SSL_get_time(const SSL_SESSION *s);
- long SSL_set_time(SSL_SESSION *s, long tm);
long SSL_get_timeout(const SSL_SESSION *s);
long SSL_set_timeout(SSL_SESSION *s, long tm);
time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s);
time_t SSL_SESSION_set_time_ex(SSL_SESSION *s, time_t tm);
+The following functions have been deprecated since OpenSSL 3.4, and can be
+hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
+see L<openssl_user_macros(7)>:
+
+ long SSL_SESSION_get_time(const SSL_SESSION *s);
+ long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+ long SSL_get_time(const SSL_SESSION *s);
+ long SSL_set_time(SSL_SESSION *s, long tm);
+
=head1 DESCRIPTION
-SSL_SESSION_get_time() returns the time at which the session B<s> was
+SSL_SESSION_get_time_ex() returns the time at which the session B<s> was
established. The time is given in seconds since the Epoch and therefore
compatible to the time delivered by the time() call.
-SSL_SESSION_set_time() replaces the creation time of the session B<s> with
+SSL_SESSION_set_time_ex() replaces the creation time of the session B<s> with
the chosen value B<tm>.
SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
to B<tm>.
-SSL_SESSION_get_time_ex() and SSL_SESSION_set_time_ex() extended functions use
-the time_t datatype instead of long to fix the Y2038 problem on systems with
-64 bit time_t type.
+SSL_SESSION_get_time() and SSL_SESSION_set_time() functions use
+the long datatype instead of time_t and are therefore deprecated due to not
+being Y2038-safe on 32 bit systems. Note that such systems still need
+to be configured to use 64 bit time_t to be able to avoid overflow in system time.
The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
functions are synonyms for the SSL_SESSION_*() counterparts.
=head1 RETURN VALUES
-SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently
+SSL_SESSION_get_time_ex() and SSL_SESSION_get_timeout() return the currently
valid values.
-SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
+SSL_SESSION_set_time_ex() and SSL_SESSION_set_timeout() return 1 on success.
If any of the function is passed the NULL pointer for the session B<s>,
0 is returned.
__owur const char *SSL_rstate_string(const SSL *s);
__owur const char *SSL_state_string_long(const SSL *s);
__owur const char *SSL_rstate_string_long(const SSL *s);
+
+#ifndef OPENSSL_NO_DEPRECATED_3_4
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_get_time_ex()")
__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+OSSL_DEPRECATEDIN_3_4_FOR("not Y2038-safe, replace with SSL_SESSION_set_time_ex()")
__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+#endif
__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx,
SSL_CONNECTION_GET_CTX(s)->ctlog_store);
CT_POLICY_EVAL_CTX_set_time(
- ctx, (uint64_t)SSL_SESSION_get_time(s->session) * 1000);
+ ctx, (uint64_t)SSL_SESSION_get_time_ex(s->session) * 1000);
scts = SSL_get0_peer_scts(SSL_CONNECTION_GET_SSL(s));
return (long)ossl_time_to_time_t(s->timeout);
}
+#ifndef OPENSSL_NO_DEPRECATED_3_4
long SSL_SESSION_get_time(const SSL_SESSION *s)
{
return (long) SSL_SESSION_get_time_ex(s);
}
+#endif
time_t SSL_SESSION_get_time_ex(const SSL_SESSION *s)
{
return t;
}
+#ifndef OPENSSL_NO_DEPRECATED_3_4
long SSL_SESSION_set_time(SSL_SESSION *s, long t)
{
return (long) SSL_SESSION_set_time_ex(s, (time_t) t);
}
+#endif
int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
{
* We reset the creation time so that we don't discard the session as
* too old.
*/
- if (!TEST_true(SSL_SESSION_set_time(sess, (long)time(NULL)))
+ if (!TEST_true(SSL_SESSION_set_time_ex(sess, time(NULL)))
|| !TEST_true(SSL_set_session(con, sess)))
goto end;
}
*/
/* Make sess1 expire before sess2 */
- if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0)
+ if (!TEST_time_t_gt(SSL_SESSION_set_time_ex(sess1, 1000), 0)
|| !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0)
- || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0)
+ || !TEST_time_t_gt(SSL_SESSION_set_time_ex(sess2, 2000), 0)
|| !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0))
goto end;
* time. It could be any value as long as it is not within tolerance.
* This should mean the ticket is rejected.
*/
- if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
+ if (!TEST_true(SSL_SESSION_set_time_ex(sess, time(NULL) - 20)))
goto end;
}
SSL_SESSION *late = NULL;
SSL_CTX *ctx;
int testresult = 0;
- long now = (long)time(NULL);
+ time_t now = time(NULL);
#define TIMEOUT 10
if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()))
|| !TEST_ptr(late->prev))
goto end;
- if (!TEST_int_ne(SSL_SESSION_set_time(early, now - 10), 0)
- || !TEST_int_ne(SSL_SESSION_set_time(middle, now), 0)
- || !TEST_int_ne(SSL_SESSION_set_time(late, now + 10), 0))
+ if (!TEST_time_t_ne(SSL_SESSION_set_time_ex(early, now - 10), 0)
+ || !TEST_time_t_ne(SSL_SESSION_set_time_ex(middle, now), 0)
+ || !TEST_time_t_ne(SSL_SESSION_set_time_ex(late, now + 10), 0))
goto end;
if (!TEST_int_ne(SSL_SESSION_set_timeout(early, TIMEOUT), 0)
/* make sure |now| is NOT equal to the current time */
now -= 10;
- if (!TEST_int_ne(SSL_SESSION_set_time(early, now), 0)
+ if (!TEST_time_t_ne(SSL_SESSION_set_time_ex(early, now), 0)
|| !TEST_int_eq(SSL_CTX_add_session(ctx, early), 1)
- || !TEST_long_ne(SSL_SESSION_get_time(early), now))
+ || !TEST_time_t_ne(SSL_SESSION_get_time_ex(early), now))
goto end;
testresult = 1;
SSL_SRP_CTX_init 148 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
ERR_load_SSL_strings 149 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SSL_CTX_SRP_CTX_init 150 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,SRP
-SSL_SESSION_set_time 151 3_0_0 EXIST::FUNCTION:
+SSL_SESSION_set_time 151 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_4
i2d_SSL_SESSION 152 3_0_0 EXIST::FUNCTION:
SSL_SESSION_get_master_key 153 3_0_0 EXIST::FUNCTION:
SSL_COMP_get_compression_methods 154 3_0_0 EXIST::FUNCTION:
SSL_CIPHER_get_id 247 3_0_0 EXIST::FUNCTION:
SSL_SESSION_print_keylog 248 3_0_0 EXIST::FUNCTION:
SSL_CTX_set_psk_client_callback 249 3_0_0 EXIST::FUNCTION:PSK
-SSL_SESSION_get_time 250 3_0_0 EXIST::FUNCTION:
+SSL_SESSION_get_time 250 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_4
SSL_set_debug 251 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
SSL_get_security_level 252 3_0_0 EXIST::FUNCTION:
SSL_CIPHER_description 253 3_0_0 EXIST::FUNCTION:
projects / thirdparty / openssl.git / commitdiff
