author | Rob Percival <robpercival@google.com> | 2016-09-12 16:57:38 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 16:12:41 -0500 |
commit | e25233d99c30885bdf97bfb6df657e13ca2bf1da (patch) | |
tree | 9bc78e3cabc15508453c6add0d0a321da66273a3 | |
parent | 1871a5aa8a538c2b8ac3d302c1e9e72867f5ee0f (diff) |
Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
-rw-r--r-- | crypto/ct/ct_policy.c | 7 | ||||
-rw-r--r-- | doc/man3/CT_POLICY_EVAL_CTX_new.pod | 4 |
2 files changed, 9 insertions, 2 deletions
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 074589db93..d2f72c4a5a 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -13,18 +13,25 @@
 #include <openssl/ct.h>
 #include <openssl/err.h>
+#include <time.h>
 #include "ct_locl.h"
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
 {
 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+ time_t epoch_time_in_s;
 if (ctx == NULL) {
 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
+ // Use the current time if available.
+ time(&epoch_time_in_s);
+ if (epoch_time_in_s != -1)
+ ctx->epoch_time_in_ms = epoch_time_in_s * 1000;
+
 return ctx;
 }
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index fe25cd9cae..e0fb7c1ebc 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -68,8 +68,8 @@ CT_POLICY_EVAL_CTX. The SCT timestamp will be compared to this time to check whether the SCT was issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". Typically, the time provided to this function will
-be the current time.
+timestamp is in the future". By default, this will be set to the
+current time (obtained by calling time()) if possible.
 The time should be in milliseconds since the Unix epoch. |
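Review bot: The multiplication `epoch_time_in_s * 1000` in CT_POLICY_EVAL_CTX_new is carried out in `time_t`, so where `time_t` is 32 bits it overflows before the result is stored, and the default time that SCT timestamps are checked against would be wrong. Widening first avoids that, `ctx->epoch_time_in_ms = (uint64_t)epoch_time_in_s * 1000;`, assuming the field (declared outside this hunk) is a 64-bit unsigned integer. The failure test reads more clearly against the documented sentinel, `if (epoch_time_in_s != (time_t)-1)`. When time() fails the field keeps the zero left by OPENSSL_zalloc, which presumably makes every SCT look future-dated; a one-line comment stating that this default is intended would help the next reader. The `//` comment should probably be `/* Use the current time if available. */` if the project still builds as C89.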