From 4982f465586aaef0f7d4941e5c885e3eaadd3980 Mon Sep 17 00:00:00 2001 From: Daniel Ruf Date: Thu, 26 Feb 2026 12:17:02 +0100 Subject: [PATCH 1/2] Prevent Y2038 bug by using SSL_SESSION_get_time_ex The previous function is deprecated, see: * https://github.com/openssl/openssl/commit/00a6d0743a38e179f5f9b5de4b73be9fcec0bb4c * https://github.com/openssl/openssl/issues/23648 * https://github.com/openssl/openssl/pull/21206 --- modules/ssl/ssl_engine_kernel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 513923c87bf..158380ab989 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1966,7 +1966,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) #endif rc = ssl_scache_store(s, id, idlen, - apr_time_from_sec(SSL_SESSION_get_time(session) + apr_time_from_sec(SSL_SESSION_get_time_ex(session) + timeout), session, conn->pool); From 3d65cbf9d8273e8275f874fc0a0775b2fde10df6 Mon Sep 17 00:00:00 2001 From: Daniel Ruf Date: Sat, 28 Feb 2026 14:22:45 +0100 Subject: [PATCH 2/2] Implement check for the OpenSSL version --- modules/ssl/ssl_engine_kernel.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 158380ab989..604778486b0 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1965,10 +1965,17 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) idlen = session->session_id_length; #endif +#if OPENSSL_VERSION_NUMBER >= 0x30300000 rc = ssl_scache_store(s, id, idlen, apr_time_from_sec(SSL_SESSION_get_time_ex(session) + timeout), session, conn->pool); +#else + rc = ssl_scache_store(s, id, idlen, + apr_time_from_sec(SSL_SESSION_get_time(session) + + timeout), + session, conn->pool); +#endif ssl_session_log(s, "SET", id, idlen, rc == TRUE ? "OK" : "BAD",