From 32ea8e503dca2c91febd6afefcda58cc2f512c89 Mon Sep 17 00:00:00 2001
From: Stephan Hadinger
Date: Fri, 6 Nov 2020 21:37:38 +0100
Subject: [PATCH] Make TLS resilient to NTP failure
---
 tasmota/WiFiClientSecureLightBearSSL.cpp | 3 +++
 tasmota/settings.ino | 5 +++++
 2 files changed, 8 insertions(+)
diff --git a/tasmota/WiFiClientSecureLightBearSSL.cpp b/tasmota/WiFiClientSecureLightBearSSL.cpp
index 809524711..d7b53cf25 100755
--- a/tasmota/WiFiClientSecureLightBearSSL.cpp
+++ b/tasmota/WiFiClientSecureLightBearSSL.cpp
@@ -69,6 +69,7 @@ void _Log_heap_size(const char *msg) {
 // get UTC time from Tasmota
 extern uint32_t UtcTime(void);
+extern uint32_t CfgTime(void);
 // Stack thunked versions of calls
 // Initially in BearSSLHelpers.h
@@ -921,6 +922,8 @@ bool WiFiClientSecure_light::_connectSSL(const char* hostName) {
 br_x509_minimal_set_hash(x509_minimal, br_sha256_ID, &br_sha256_vtable);
 br_ssl_engine_set_x509(_eng, &x509_minimal->vtable);
 uint32_t now = UtcTime();
+ uint32_t cfg_time = CfgTime();
+ if (cfg_time > now) { now = cfg_time; }
 br_x509_minimal_set_time(x509_minimal, now / 86400 + 719528, now % 86400);
 #else
diff --git a/tasmota/settings.ino b/tasmota/settings.ino
index 190840cc9..dce815948 100644
--- a/tasmota/settings.ino
+++ b/tasmota/settings.ino
@@ -613,6 +613,11 @@ void SettingsLoad(void) {
 RtcSettingsLoad();
 }
+// Used in TLS - returns the timestamp of the last Flash settings write
+uint32_t CfgTime(void) {
+ return Settings.cfg_timestamp;
+}
+
 void EspErase(uint32_t start_sector, uint32_t end_sector) {
 bool serial_output = (LOG_LEVEL_DEBUG_MORE <= TasmotaGlobal.seriallog_level);
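Review bot: In `_connectSSL` (tasmota/WiFiClientSecureLightBearSSL.cpp) the override `if (cfg_time > now) { now = cfg_time; }` is unconditional, so it applies even when `UtcTime()` is a good NTP time, and a `cfg_timestamp` that was saved with a wrong, future clock could then make valid certificates look expired. When the fallback is the intended case (no NTP), certificate validity is checked against the time of the last settings write, so a certificate that expired after that write still validates, and nothing in the hunk records that this happened. I would document the trade-off at the comparison, e.g. `// No NTP: use last settings-save time as a lower bound; expiry is then checked against a stale clock`, restrict the override to the case where the clock is known to be unsynced if the firmware exposes that state, and log when the fallback is taken. The function starts and ends outside the hunk.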
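Review bot: `CfgTime()` in tasmota/settings.ino hands `Settings.cfg_timestamp` to the TLS code unchecked, and its comment does not say which clock that field was stamped with. If settings can be written before the clock is synced, or are restored from a backup, the value may not be a real wall-clock time; that is not visible from this hunk and should be confirmed against the code that writes the field. I would extend the comment to state the contract, e.g. `// Used in TLS as a lower bound for certificate validation time; only meaningful if the clock was valid when the settings were saved`.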