From e34f124ff107783c31c18308af8fd9febc2b74eb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 22 Nov 2023 08:14:07 +0100 Subject: [PATCH] ssl_ticket.c: Remove pedantic server endpoint check When calculating the ticket age, remove the check that the endpoint is a server. The module is supposed to be used only server side. Furthermore, if such check was necessary, it should be at the beginning of all ssl_ticket.c APIs. As there is no such protection in any API, just remove the check. Signed-off-by: Ronald Cron --- library/ssl_ticket.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index b47af86133..e47cf42ec9 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -498,10 +498,8 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { /* Check for expiration */ - mbedtls_ms_time_t ticket_age = -1; - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - ticket_age = mbedtls_ms_time() - session->ticket_creation_time; - } + mbedtls_ms_time_t ticket_age = mbedtls_ms_time() - + session->ticket_creation_time; mbedtls_ms_time_t ticket_lifetime = (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000;