From: Joe Orton Date: Mon, 2 Mar 2026 11:17:51 +0000 (+0000) Subject: Prevent Y2038 bug by using SSL_SESSION_get_time_ex X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17ee196fbb6c6d900631b5eb94d5371a0235a2ea;p=thirdparty%2Fapache%2Fhttpd.git Prevent Y2038 bug by using SSL_SESSION_get_time_ex The previous function is deprecated, see: * https://github.com/openssl/openssl/commit/00a6d0743a38e179f5f9b5de4b73be9fcec0bb4c * https://github.com/openssl/openssl/issues/23648 * https://github.com/openssl/openssl/pull/21206 Implement check for the OpenSSL version Submitted by: Daniel Ruf Github: closes #607 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932104 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/changes-entries/ssl-sess-y2k.txt b/changes-entries/ssl-sess-y2k.txt new file mode 100644 index 0000000000..151dcc3c91 --- /dev/null +++ b/changes-entries/ssl-sess-y2k.txt @@ -0,0 +1,2 @@ + *) mod_ssl: Prevent Y2K bug in session handling on 32-bit platforms + with a 64-bit time_t. [Daniel Ruf ] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 513923c87b..569cb26c4d 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1965,10 +1965,17 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) idlen = session->session_id_length; #endif +#if OPENSSL_VERSION_NUMBER >= 0x30300000 + rc = ssl_scache_store(s, id, idlen, + apr_time_from_sec(SSL_SESSION_get_time_ex(session) + + timeout), + session, conn->pool); +#else rc = ssl_scache_store(s, id, idlen, apr_time_from_sec(SSL_SESSION_get_time(session) + timeout), session, conn->pool); +#endif ssl_session_log(s, "SET", id, idlen, rc == TRUE ? "OK" : "BAD",