diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-14 17:44:46 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-14 17:44:46 +0000 |
commit | 24fc4f656cadeef0e30f3c4d7d6a9e49672e40a1 (patch) | |
tree | 142340423e6a520e56954849941bfa5e83a02101 /apps | |
parent | c3c3b288187162b8b3609876398e720e292169fd (diff) |
PR: 1618
Submitted by: steve@openssl.org
Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases
where times are not being checked or printed properly. Issues relating to
time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL
1.0.0 and later does fix these issues by using its own time routines.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ca.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -2095,7 +2095,7 @@ again2: } BIO_printf(bio_err,"Certificate is to be certified until "); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); @@ -2373,12 +2373,15 @@ err: static int check_time_format(const char *str) { - ASN1_UTCTIME tm; + ASN1_TIME tm; tm.data=(unsigned char *)str; tm.length=strlen(str); tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(&tm)); + if (ASN1_TIME_check(&tm)) + return 1; + tm.type=V_ASN1_GENERALIZEDTIME; + return ASN1_TIME_check(&tm); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) |