diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2009-09-02 13:55:22 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2009-09-02 13:55:22 +0000 |
| commit | e5eb96c83a553288653a2b99ec78bc5d251ac7a7 (patch) | |
| tree | b612f95fa1f4ffc16182a508ce1471ab6ec06244 | |
| parent | 54ed003ace95df93c51f49fc0d6d446d957da97e (diff) | |
PR: 2013
Submitted by: steve@openssl.org
Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created.
This makes it possible to tell if the underlying type is UTCTime,
GeneralizedTime or Time when the structure is reused and X509_time_adj_ex()
can handle each case in an appropriate manner.
Add error checking to CRL generation in ca utility when nextUpdate is being
set.
| -rw-r--r-- | apps/ca.c | 7 | ||||
| -rw-r--r-- | crypto/asn1/asn1.h | 4 | ||||
| -rw-r--r-- | crypto/asn1/tasn_new.c | 6 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 12 |
4 files changed, 23 insertions, 6 deletions
@@ -1403,7 +1403,12 @@ bad: if (!tmptm) goto err; X509_gmtime_adj(tmptm,0); X509_CRL_set_lastUpdate(crl, tmptm); - X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, NULL); + if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec, + NULL)) + { + BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + goto err; + } X509_CRL_set_nextUpdate(crl, tmptm); ASN1_TIME_free(tmptm); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index f202e23841..dfc6790ef6 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -230,6 +230,10 @@ typedef struct asn1_object_st */ #define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 /* This is the base type that holds just about everything :-) */ typedef struct asn1_string_st { diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index c816e51648..0d9e78cc7c 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -325,6 +325,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; + ASN1_STRING *str; int utype; if (it && it->funcs) @@ -362,7 +363,10 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) break; default: - *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); + str = ASN1_STRING_type_new(utype); + if (it->itype == ASN1_ITYPE_MSTRING && str) + str->flags |= ASN1_STRING_FLAG_MSTRING; + *pval = (ASN1_VALUE *)str; break; } if (*pval) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 200a9cc0b6..62b01441b6 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1765,10 +1765,14 @@ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, else time(&t); if (s) type = s->type; - if (type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); - if (type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + if (!(s->flags & ASN1_STRING_FLAG_MSTRING)) + { + if (type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec); + if (type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, + offset_sec); + } return ASN1_TIME_adj(s, t, offset_day, offset_sec); } |