Prevent Y2038 bug by using SSL_SESSION_get_time_ex

notroj · notroj · commit 17ee196fbb6c · 2026-03-02T11:17:51.000Z
The previous function is deprecated, see: * openssl/openssl@00a6d07 * openssl/openssl#23648 * openssl/openssl#21206 Implement check for the OpenSSL version Submitted by: Daniel Ruf <daniel daniel-ruf.de> Github: closes #607 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932104 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/changes-entries/ssl-sess-y2k.txt b/changes-entries/ssl-sess-y2k.txt
@@ -0,0 +1,2 @@
+  *) mod_ssl: Prevent Y2K bug in session handling on 32-bit platforms
+     with a 64-bit time_t.  [Daniel Ruf <daniel daniel-ruf.de>]
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
@@ -1965,10 +1965,17 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
     idlen = session->session_id_length;
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x30300000
+    rc = ssl_scache_store(s, id, idlen,
+                          apr_time_from_sec(SSL_SESSION_get_time_ex(session)
+                                            + timeout),
+                          session, conn->pool);
+#else
     rc = ssl_scache_store(s, id, idlen,
                           apr_time_from_sec(SSL_SESSION_get_time(session)
                                           + timeout),
                           session, conn->pool);
+#endif
 
     ssl_session_log(s, "SET", id, idlen,
                     rc == TRUE ? "OK" : "BAD",

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+ *) mod_ssl: Prevent Y2K bug in session handling on 32-bit platforms`
	`2`	`+ with a 64-bit time_t. [Daniel Ruf <daniel daniel-ruf.de>]`