mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-09 21:44:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl_ticket.c: Remove pedantic server endpoint check

Browse Source 
When calculating the ticket age, remove the check
that the endpoint is a server. The module is
supposed to be used only server side. Furthermore,
if such check was necessary, it should be at the
beginning of all ssl_ticket.c APIs. As there is no
such protection in any API, just remove the check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-11-22 08:14:07 +01:00
parent 3c3e2e62f6
commit e34f124ff1
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/ssl_ticket.c
View File

@ -498,10 +498,8 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
/* Check for expiration */
mbedtls_ms_time_t ticket_age = -1;
if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
ticket_age = mbedtls_ms_time() - session->ticket_creation_time;
}
mbedtls_ms_time_t ticket_age = mbedtls_ms_time() -
session->ticket_creation_time;
mbedtls_ms_time_t ticket_lifetime =
(mbedtls_ms_time_t) ctx->ticket_lifetime * 1000;