diff options
author | Rob Percival <robpercival@google.com> | 2017-04-04 23:24:28 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-26 16:33:55 +0100 |
commit | 56e5d5498d557fe1ab0a360ddcda2931d976ec62 (patch) | |
tree | f163cc8bf3843cd74d1a9f7bfbb052bfccb764ee /ssl | |
parent | e23a4e98a90c448a196aede3edeb7802ed0da121 (diff) |
CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9cfebeac01..fc651bb5d1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4183,7 +4183,8 @@ int ssl_validate_ct(SSL *s) CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); - CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s))); + CT_POLICY_EVAL_CTX_set_time( + ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); scts = SSL_get0_peer_scts(s); |