Only use BoringSSL time callback in unit tests.

webrtc/base/opensslstreamadapter.cc

Index: webrtc/base/opensslstreamadapter.cc
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 6943cd32ff0e495ea0a7e7d5b4980be714b56637..873f7b1398749d3d27fe420583abe1fc06bd8493 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -38,6 +38,10 @@
 #include "webrtc/base/timeutils.h"
 #include "webrtc/base/thread.h"
 
+namespace {
+  bool g_use_time_callback_for_testing = false;
+}
+
 namespace rtc {
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
@@ -63,7 +67,8 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
 #endif
 
 #ifdef OPENSSL_IS_BORINGSSL
-static void TimeCallback(const SSL* ssl, struct timeval* out_clock) {
+// Not used in production code. Actual time should be relative to Jan 1, 1970.
+static void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {
   int64_t time = TimeNanos();
   out_clock->tv_sec = time / kNumNanosecsPerSec;
   out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;
@@ -1059,10 +1064,9 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
           DTLS1_2_VERSION : TLS1_2_VERSION);
       break;
   }
-  // Set a time callback for BoringSSL because:
-  // 1. Our time function is more accurate (doesn't just use gettimeofday).
-  // 2. This allows us to inject a fake clock for testing.
-  SSL_CTX_set_current_time_cb(ctx, &TimeCallback);
+  if (g_use_time_callback_for_testing) {
+    SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);
+  }
 #endif
 
   if (identity_ && !identity_->ConfigureIdentity(ctx)) {
@@ -1263,6 +1267,10 @@ bool OpenSSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,
   return false;
 }
 
+void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
+  g_use_time_callback_for_testing = true;
+}
+
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H