SSL: usage of SSL_SESSION_get_time_ex() with OpenSSL 3.3+.

In OpenSSL, SSL_SESSION_get_time() and SSL_SESSION_set_time() functions
use "long" to store seconds since the Epoch, which makes these functions
problematic after Y2038 on 32-bit platforms, and, more importantly, on
64-bit platforms with 32-bit long (notably Windows).

Note that there is no such problem in BoringSSL, which uses uint64_t
instead of "long".  LibreSSL also uses "long", but it does not support
TLSv1.3 session resumption anyway, hence this is not an issue.

Fix is to use SSL_SESSION_get_time_ex() and SSL_SESSION_set_time_ex()
functions introduced in OpenSSL 3.3 when these are available.

Prodded by MSVC with C4244 warnings (conversion from 'type1' to 'type2',
possible loss of data) enabled.

Author: mdounin

src/event/ngx_event_openssl.c

@@ -1190,7 +1190,7 @@ ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
 
             } else {
                 SSL_SESSION_set_time(sess, now);
-                SSL_SESSION_set_timeout(sess, timeout - (now - time));
+                SSL_SESSION_set_timeout(sess, (long) (timeout - (now - time)));
             }
         }
     }

src/event/ngx_event_openssl.h

@@ -83,6 +83,12 @@
 #endif
 
 
+#if (OPENSSL_VERSION_NUMBER > 0x30300000L)
+#define SSL_SESSION_get_time(s)      SSL_SESSION_get_time_ex(s)
+#define SSL_SESSION_set_time(s, t)   SSL_SESSION_set_time_ex(s, t)
+#endif
+
+
 typedef struct ngx_ssl_ocsp_s  ngx_ssl_ocsp_t;