On Thu, Dec 29, 2005 at 02:44:18PM +0100, Peter Sylvester wrote:
>
> I saw in the lastest snapshots that in the ssl library the fundction
> time has been casted to an unsigned long.
> This seems to be some hack to cover the 2038 problem on 32 bit machines.
> I am not sure
> whether the attempted solution is good:
>
> As far as I see the only usage is to determine whether a timeout has
> occured. How much can a
> session last? More than 20 years? If not, I think one should define a
> notion of epoch which
> covers the problem that it seems to be undefined whether in 2038 the
> value goes to 0 or to
> a large negative value depending on the implementation. I.e.
> the time is also initialized with time(NULL)|x3fffffff
> and in ssl_sess.c
> if (ret->time+ter->timeout < (time(NULL) | x7fffffff)
> and similar in ssl_bio etc.


The proper way to do a check for a timeout is:
time(NULL) - ret->time > ter->timeout

Or something simular, the important part is the substraction of
the 2 time variables.

This will avoid any problems you have with overflows. If
time(NULL) has overflown, the substraction of time(NULL) with
ret->time will still give a positive number.


PS: Depending on the platform, time_t can be signed or unsigned.


Kurt

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org