Hiya, I had problems with some ECH tests doing early data, part of which seems to be an underlying bug. Happy to create a PR to fix if this is right, but figured worth checking I wasn't getting something wrong first. The issue seems to be interpreting ticket lifetimes on the server in seconds when those are in ms, but then comparing that to a ms expiry, giving basically ~1s for using any ticket. The fix seems to be this change (top one working) in ssl/statem/extensions_srvr.c: < age = ossl_time_subtract(ossl_ms2time(ticket_agel),< ossl_ms2time(sess->ext.tick_age_add));
--- > age = ossl_time_subtract(ossl_seconds2time(ticket_agel),> ossl_seconds2time(sess->ext.tick_age_add)
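Review bot: In the `ossl_ms2time` lines, converting `ticket_agel` and `sess->ext.tick_age_add` to `OSSL_TIME` separately and only then calling `ossl_time_subtract` drops the modulo 2^32 arithmetic that RFC 8446 section 4.2.11.1 defines for the obfuscated ticket age, so whenever the value sent by the client has wrapped and is numerically smaller than `tick_age_add`, the result is not the real age. Suggest subtracting as 32-bit unsigned values first and converting the single result, for example `ossl_ms2time((uint32_t)((uint32_t)ticket_agel - sess->ext.tick_age_add))`. Two smaller points: the `>` side is missing its closing `);`, and since the message describes the top (`<`) lines as the working ones, a unified diff against the tree would make the direction of the change unambiguous. A regression test that resumes with a ticket more than a second old would cover the case the message says the existing tests miss.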
As I say, if that's right, happy to make a PR but it seems a bit odd that that'd not have been caught in tests. (Though maybe automated tests all run too quickly to hit the problem?) Cheers, S.