On Wed, Feb 10, 2016 at 11:26:14AM +0000, Nick Lowe wrote: > Switch from os_get_time(...) to os_get_reltime(...) to avoid > malfunction if-and-when the system clock shifts. > src/eap_server/eap_server_fast.c | 8 ++++---- > diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c > @@ -127,7 +127,7 @@ static int eap_fast_session_ticket_cb(void *ctx, > - struct os_time now; > + struct os_reltime now; > - if (os_get_time(&now) < 0 || lifetime <= 0 || now.sec > lifetime) { > + if (os_get_reltime(&now) < 0 || lifetime <= 0 || now.sec > lifetime) { > wpa_printf(MSG_DEBUG, "EAP-FAST: PAC-Key not valid anymore " This does not look appropriate. The lifetime is stored at the client side and this needs to work after the server boot (which would clear reltime) and this also needs to work with multiple servers (it is possible to share the same PAC encryption key between multiple authentication servers). In other words, this really needs to be the correct calendar time and system clocks needs to be synced correctly for this to work. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap