CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds

This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3138)
author: Rob Percival <robpercival@google.com> 2017-04-04 23:24:28 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-04-12 19:08:57 +0200
commit: 6a71e06d7aa02b857c8650aa94f6efd9d6531872 (patch)
tree: 8809ac0e720a4dbbfa038b1e192ac296a72031cd /ssl
parent: 2094ea070a1fb6aa06b8e939e6cb735edc2c178b (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4f4eba104a..4de2b47455 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s)
     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
-    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
 
     scts = SSL_get0_peer_scts(s);
author	Rob Percival <robpercival@google.com>	2017-04-04 23:24:28 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-04-12 19:08:57 +0200
commit	6a71e06d7aa02b857c8650aa94f6efd9d6531872 (patch)
tree	8809ac0e720a4dbbfa038b1e192ac296a72031cd /ssl
parent	2094ea070a1fb6aa06b8e939e6cb735edc2c178b (diff)