Prevent Y2038 bug by using SSL_SESSION_get_time_ex
authorJoe Orton <jorton@apache.org>
Mon, 2 Mar 2026 11:17:51 +0000 (11:17 +0000)
committerJoe Orton <jorton@apache.org>
Mon, 2 Mar 2026 11:17:51 +0000 (11:17 +0000)
The previous function is deprecated, see:
* https://github.com/openssl/openssl/commit/00a6d0743a38e179f5f9b5de4b73be9fcec0bb4c
* https://github.com/openssl/openssl/issues/23648
* https://github.com/openssl/openssl/pull/21206
Implement check for the OpenSSL version

Submitted by: Daniel Ruf <daniel daniel-ruf.de>
Github: closes #607

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932104 13f79535-47bb-0310-9956-ffa450edef68

changes-entries/ssl-sess-y2k.txt [new file with mode: 0644]
modules/ssl/ssl_engine_kernel.c

diff --git a/changes-entries/ssl-sess-y2k.txt b/changes-entries/ssl-sess-y2k.txt
new file mode 100644 (file)
index 0000000..151dcc3
--- /dev/null
@@ -0,0 +1,2 @@
+  *) mod_ssl: Prevent Y2K bug in session handling on 32-bit platforms
+     with a 64-bit time_t.  [Daniel Ruf <daniel daniel-ruf.de>]
index 513923c87bf747e510ef24b1693ef470c7503ff7..569cb26c4d5265c3148a35e346619edcefd35703 100644 (file)
@@ -1965,10 +1965,17 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
     idlen = session->session_id_length;
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x30300000
+    rc = ssl_scache_store(s, id, idlen,
+                          apr_time_from_sec(SSL_SESSION_get_time_ex(session)
+                                            + timeout),
+                          session, conn->pool);
+#else
     rc = ssl_scache_store(s, id, idlen,
                           apr_time_from_sec(SSL_SESSION_get_time(session)
                                           + timeout),
                           session, conn->pool);
+#endif
 
     ssl_session_log(s, "SET", id, idlen,
                     rc == TRUE ? "OK" : "BAD",
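Review bot: The new `#if`/`#else` duplicates the whole `ssl_scache_store()` call although only the time getter differs, so a later change to the expiry arithmetic or the arguments can land in one branch and be missed in the other. This value is the expiry of the cached TLS session, so a single call site is safer. Select the getter once with a compatibility define in the module's shared header, `#if OPENSSL_VERSION_NUMBER < 0x30300000L`, `#define SSL_SESSION_get_time_ex(s) SSL_SESSION_get_time(s)`, `#endif`, and call `SSL_SESSION_get_time_ex(session)` unconditionally here. On the fallback path `SSL_SESSION_get_time()` returns `long`, so builds against OpenSSL older than 3.3 presumably keep the 2038 limit wherever `long` is 32 bits; a one-line comment next to the version check saying so would help. The function body starts and ends outside the hunk, so the type of `timeout` is not visible here.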