From 8c20a74c90964b7bd76144fe8dbde15f227d9a04 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Thu, 2 Mar 2023 15:49:55 +0100
Subject: [PATCH] BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback

In the OCSP response callback, instead of using the actual date of the system, the scheduler's 'now' timer is used when checking a response's validity. This patch can be backported to all stable versions.
---
 src/ssl_ocsp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 9ad81b28e..9e507997c 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -160,7 +160,7 @@ int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
  if (!ocsp ||
  !ocsp->response.area ||
  !ocsp->response.data ||
- (ocsp->expire < now.tv_sec))
+ (ocsp->expire < date.tv_sec))
  return SSL_TLSEXT_ERR_NOACK;
 
  ssl_buf = OPENSSL_malloc(ocsp->response.data);
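Review bot: The expiry test `(ocsp->expire < date.tv_sec)` has no comment saying why the wall clock is the right one, so a later cleanup could switch it back to `now` and let an expired OCSP response be stapled whenever the two clocks diverge. I would add above the condition `/* OCSP validity is an absolute time: compare 'expire' with the wall-clock 'date', never with the scheduler's 'now' */`. The hunk does not show where `ocsp->expire` is set or whether other code still compares it with `now.tv_sec`, so those sites are worth checking before the backport. The body of `ssl_sock_ocsp_stapling_cbk` starts and ends outside the hunk.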