Workaround anti replay fail of GnuTLS
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 08d4924..b8ca482 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -947,6 +947,16 @@
uint32_t obfuscated_ticket_age =
(uint32_t)( now - session->ticket_received );
+ /* Workaround for anti replay fail of GnuTLS server.
+ *
+ * The time unit of ticket age is milliseconds, but current unit is
+ * seconds. If the ticket was received at the end of first second and
+ * sent in next second, GnuTLS think it is replay attack.
+ *
+ */
+ if( obfuscated_ticket_age > 0 )
+ obfuscated_ticket_age -= 1;
+
obfuscated_ticket_age *= 1000;
obfuscated_ticket_age += session->ticket_age_add;
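Review bot: The decrement under `if( obfuscated_ticket_age > 0 )` runs for every peer, not only GnuTLS, so the client now always reports a ticket age up to one second lower than the real one. Servers use this value for the freshness check that backs 0-RTT anti-replay (RFC 8446 sections 4.2.11.1 and 8.3), so the skew eats into whatever tolerance window the server allows. The new comment should say that this is deliberate and temporary, for example `/* TODO: remove once ticket_received has millisecond resolution; until then the age sent to any server is rounded down by up to 1s. */`. Separately, if `now` can be earlier than `session->ticket_received` (clock stepped back; the types are not visible here), the cast on the line above wraps to a large value that passes the `> 0` test, so an explicit `now >= session->ticket_received` check before the subtraction would be safer. The enclosing function starts and ends outside this hunk.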