From c0074b3044c9628509288b780d36add7541156db Mon Sep 17 00:00:00 2001
From: cameronrich
Date: Sat, 25 Feb 2012 08:07:12 +0000
Subject: [PATCH] Fixed issue with session id's in the future
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/tls1.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 4bc71a21c..25405c825 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@@ -1667,8 +1667,10 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
 {
 if (ssl_sessions[i])
 {
- /* kill off any expired sessions */
- if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
+ /* kill off any expired sessions (including those in
+ the future) */
+ if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+ (tm < ssl_sessions[i]->conn_time))
 {
 session_free(ssl_sessions, i);
 continue;
@@ -1712,13 +1714,9 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
 }
 /* ok, we've used up all of our sessions. So blow the oldest session away */
- if (oldest_sess != NULL)
- {
- oldest_sess->conn_time = tm;
- memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
- memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
- }
-
+ oldest_sess->conn_time = tm;
+ memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+ memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
 SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
 return oldest_sess;
 }
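Review bot: The rewritten comment in the first hunk (at -1667) says sessions "in the future" are killed, but not why such an entry matters. With only the old test `tm > conn_time + SSL_EXPIRY_TIME`, a cached session whose `conn_time` is ahead of `tm` would stay resumable for longer than `SSL_EXPIRY_TIME`, and that is the property the added `tm < conn_time` clause protects. I would spell that out, for example `/* kill off expired sessions; a conn_time ahead of tm (presumably after the clock was set back) would otherwise outlive SSL_EXPIRY_TIME */`. The body of ssl_session_update starts and continues outside this hunk, so where `tm` comes from is not visible here.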
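Review bot: In the second hunk (at -1712) both re-added memset calls pass `sizeof(SSL_SESSION_ID_SIZE)` and `sizeof(SSL_SECRET_SIZE)` as the length. If these are integer constants, as the names suggest, that is the size of an int rather than the field length, so most of the previous session id and master secret stays in the recycled slot. Passing the constants directly would clear the whole fields: `memset(oldest_sess->session_id, 0, SSL_SESSION_ID_SIZE);` and `memset(oldest_sess->master_secret, 0, SSL_SECRET_SIZE);`. The hunk also drops the `if (oldest_sess != NULL)` guard, so the dereference now relies on the selection loop, which lies outside the hunk, always picking a slot. Unless that is guaranteed for every `max_sessions` value, keeping the guard around these three lines is the safer choice.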