PR: 1618

Submitted by: steve@openssl.org Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases where times are not being checked or printed properly. Issues relating to time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL 1.0.0 and later does fix these issues by using its own time routines.
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-14 17:44:46 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-14 17:44:46 +0000
commit: 24fc4f656cadeef0e30f3c4d7d6a9e49672e40a1 (patch)
tree: 142340423e6a520e56954849941bfa5e83a02101 /apps
parent: c3c3b288187162b8b3609876398e720e292169fd (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 72acaeaae4..651c5a648a 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2095,7 +2095,7 @@ again2:
 		}
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
-	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+	ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
 	if (days) BIO_printf(bio_err," (%ld days)",days);
 	BIO_printf(bio_err, "\n");
 
@@ -2373,12 +2373,15 @@ err:
 
 static int check_time_format(const char *str)
 	{
-	ASN1_UTCTIME tm;
+	ASN1_TIME tm;
 
 	tm.data=(unsigned char *)str;
 	tm.length=strlen(str);
 	tm.type=V_ASN1_UTCTIME;
-	return(ASN1_UTCTIME_check(&tm));
+	if (ASN1_TIME_check(&tm))
+		return 1;
+	tm.type=V_ASN1_GENERALIZEDTIME;
+	return ASN1_TIME_check(&tm);
 	}
 
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
author	Dr. Stephen Henson <steve@openssl.org>	2010-01-14 17:44:46 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-01-14 17:44:46 +0000
commit	24fc4f656cadeef0e30f3c4d7d6a9e49672e40a1 (patch)
tree	142340423e6a520e56954849941bfa5e83a02101 /apps
parent	c3c3b288187162b8b3609876398e720e292169fd (diff)