Hiya, On 28/02/2023 16:34, Matt Caswell wrote:
It's a known master-only bug that I stumbled over myself independently yesterday.
Ah great. Cheers, S.
The fix is here: https://github.com/openssl/openssl/pull/20387 It got its final approval earlier today, so should go in tomorrow. Matt On 28/02/2023 16:32, Stephen Farrell wrote:Hiya, I had problems with some ECH tests doing early data part of which seems to be an underlying bug. Happy to create a PR to fix if this is right, but figured worth checking I wasn't getting something wrong first. The issue seems to be interpreting ticket lifetimes on the server in seconds when those are in ms, but then comparing that to a ms expiry, giving basically ~1s for using any ticket. The fix seems to be this change (top one working) in ssl/statem/extensions_srvr.c: < age = ossl_time_subtract(ossl_ms2time(ticket_agel), < ossl_ms2time(sess->ext.tick_age_add)); ---> age = ossl_time_subtract(ossl_seconds2time(ticket_agel),> ossl_seconds2time(sess->ext.tick_age_add) As I say if that's right, happy to make a PR but it seems a bit odd that that'd not have been caught in tests. (Though maybe automated tests all run too quickly to hit the problem?) Cheers, S.
Attachment:
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
