From dabb85ceb5ef9d7bf3705bab854ecdbf0d6f538b Mon Sep 17 00:00:00 2001
From: Maxim Fedorov <dane@whatsapp.com>
Date: Wed, 17 Oct 2018 20:30:12 -0700
Subject: ssl: fix timezone-related bug in ssl_pem_cache

Caught with unit test in ssl_pem_cache_SUITE.
When local timezone is PST (Pacific Standard Time), PEM cache was not evicting
expired entries due to file time converstion was done using
calendar:now_to_datetime, while file modification time is actually in local time.
Use os:system_time() to align with file_info modified time.
---
 lib/ssl/src/ssl_pem_cache.erl | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

diff --git a/lib/ssl/src/ssl_pem_cache.erl b/lib/ssl/src/ssl_pem_cache.erl
index b7d23ef01e..41bca2f7b5 100644
--- a/lib/ssl/src/ssl_pem_cache.erl
+++ b/lib/ssl/src/ssl_pem_cache.erl
@@ -45,7 +45,7 @@
 
 -record(state, {
 	  pem_cache,                  
-	  last_pem_check             :: erlang:timestamp(),
+	  last_pem_check             :: integer(),
 	  clear            :: integer()
 	 }).
 
@@ -134,8 +134,9 @@ init([Name]) ->
     PemCache = ssl_pkix_db:create_pem_cache(Name),
     Interval = pem_check_interval(),
     erlang:send_after(Interval, self(), clear_pem_cache),
+    erlang:system_time(second),
     {ok, #state{pem_cache = PemCache,
-		last_pem_check =  os:timestamp(),
+		last_pem_check =  erlang:convert_time_unit(os:system_time(), native, second),
 		clear = Interval 	
 	       }}.
 
@@ -183,7 +184,7 @@ handle_cast({invalidate_pem, File}, #state{pem_cache = Db} = State) ->
 handle_info(clear_pem_cache, #state{pem_cache = PemCache,
 				    clear = Interval,
 				    last_pem_check = CheckPoint} = State) ->
-    NewCheckPoint = os:timestamp(),
+    NewCheckPoint = erlang:convert_time_unit(os:system_time(), native, second),
     start_pem_cache_validator(PemCache, CheckPoint),
     erlang:send_after(Interval, self(), clear_pem_cache),
     {noreply, State#state{last_pem_check = NewCheckPoint}};
@@ -229,24 +230,14 @@ init_pem_cache_validator([CacheName, PemCache, CheckPoint]) ->
 		      CheckPoint, PemCache).
 
 pem_cache_validate({File, _}, CheckPoint) ->
-    case file:read_file_info(File, []) of
-	{ok, #file_info{mtime = Time}} ->
-	    case is_before_checkpoint(Time, CheckPoint) of
-		true ->
-		    ok;
-		false ->
-		    invalidate_pem(File)
-	    end;
+    case file:read_file_info(File, [{time, posix}]) of
+	{ok, #file_info{mtime = Time}} when Time < CheckPoint ->
+	    ok;
 	_  ->
 	    invalidate_pem(File)
     end,
     CheckPoint.
 
-is_before_checkpoint(Time, CheckPoint) ->
-    calendar:datetime_to_gregorian_seconds(
-      calendar:now_to_datetime(CheckPoint)) -
-	calendar:datetime_to_gregorian_seconds(Time) > 0.
-
 pem_check_interval() ->
     case application:get_env(ssl, ssl_pem_cache_clean) of
 	{ok, Interval} when is_integer(Interval) ->
-- 
cgit v1.2.3