ssl_ticket.c: Base ticket age check on the ticket creation time Signed-off-by: Ronald Cron <ronald.cron@arm.com>

commit: 3c0072b58e1a6ff4678ef79ff367e6dae848278b [log] [tgz]
author: Ronald Cron <ronald.cron@arm.com> Wed Nov 22 10:00:14 2023 +0100
committer: Ronald Cron <ronald.cron@arm.com> Mon Jan 15 10:29:51 2024 +0100
tree: 682d190a9ce9cb3f9e5ed91e8d3a01e5def77239
parent: c57f86e1322bc18e5a817ea0b087d82e273af8fb [diff] [blame]
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index fa1f478..ceb07ba 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -3140,10 +3140,6 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg"));
 
-#if defined(MBEDTLS_HAVE_TIME)
-    session->ticket_creation_time = mbedtls_ms_time();
-#endif
-
     /* Set ticket_flags depends on the advertised psk key exchange mode */
     mbedtls_ssl_tls13_session_clear_ticket_flags(
         session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
@@ -3278,6 +3274,9 @@
     MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2);
 
     /* Generate ticket and ticket_lifetime */
+#if defined(MBEDTLS_HAVE_TIME)
+    session->ticket_creation_time = mbedtls_ms_time();
+#endif
     ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket,
                                     session,
                                     p + 9 + ticket_nonce_size + 2,
commit	3c0072b58e1a6ff4678ef79ff367e6dae848278b	[log] [tgz]
author	Ronald Cron <ronald.cron@arm.com>	Wed Nov 22 10:00:14 2023 +0100
committer	Ronald Cron <ronald.cron@arm.com>	Mon Jan 15 10:29:51 2024 +0100
tree	682d190a9ce9cb3f9e5ed91e8d3a01e5def77239
parent	c57f86e1322bc18e5a817ea0b087d82e273af8fb [diff] [blame]