daemon/tls session tickets: avoid bad scheduling cycles

This should fix #385: possible floods with
> scheduling rotation check in 0 ms

diff --git a/NEWS b/NEWS
index a2fea9e349ce75d0d447bf3cadb4aa051e377045..a2f7ee5853a8410a9b3cf2a8a41ade0685e590ee 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+Bugfixes
+--------
+- TLS session resumption: avoid bad scheduling of rotation (#385)
+
+
 Knot Resolver 2.4.0 (2018-07-03)
 ================================
 

diff --git a/daemon/tls_session_ticket-srv.c b/daemon/tls_session_ticket-srv.c
index 9c7acbb1816bb8d14a6f506b9a1ca36133c4227d..ff1471b7d5672bf50a00da07f7e59abb5a47bfcd 100644 (file)
--- a/daemon/tls_session_ticket-srv.c
+++ b/daemon/tls_session_ticket-srv.c
@@ -207,7 +207,8 @@ static void tst_key_check(uv_timer_t *timer, bool force_update)
        const time_t tv_sec_next = (epoch + 1) * TST_KEY_LIFETIME;
        const uint64_t ms_until_second = 1000 - (now.tv_usec + 501) / 1000;
        const uint64_t remain_ms = (tv_sec_next - now.tv_sec - 1) * (uint64_t)1000
-                                + ms_until_second;
+                                + ms_until_second + 1;
+       /* ^ +1 because we don't want to wake up half a millisecond before the epoch! */
        assert(remain_ms < (TST_KEY_LIFETIME + 1 /*rounding tolerance*/) * 1000);
        kr_log_verbose("[tls] session ticket: epoch %"PRIu64
                        ", scheduling rotation check in %"PRIu64" ms\n",