diff options
| author | beck <> | 2016-06-25 16:10:26 +0000 |
|---|---|---|
| committer | beck <> | 2016-06-25 16:10:26 +0000 |
| commit | 783006207145068e182de503ec58feabf7c79aaf (patch) | |
| tree | a2501be7408a7472810ff5c3a6e4767a6f11bffb | |
| parent | e3be7f350ab12561f21fccc6641ed88238c551f4 (diff) | |
| download | openbsd-783006207145068e182de503ec58feabf7c79aaf.tar.gz openbsd-783006207145068e182de503ec58feabf7c79aaf.tar.bz2 openbsd-783006207145068e182de503ec58feabf7c79aaf.zip | |
Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses
Generalized Time on requests as per RFC6960
| -rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_srv.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c index 8f28916757..1f8aa3141e 100644 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ b/src/lib/libcrypto/ocsp/ocsp_srv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ | 1 | /* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | |||
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | if (!(flags & OCSP_NOTIME) && | 262 | if (!(flags & OCSP_NOTIME) && |
| 263 | !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) | 263 | !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) |
| 264 | goto err; | 264 | goto err; |
| 265 | 265 | ||
| 266 | /* Right now, I think that not doing double hashing is the right | 266 | /* Right now, I think that not doing double hashing is the right |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c index 8f28916757..1f8aa3141e 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ | 1 | /* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | |||
| 260 | } | 260 | } |
| 261 | 261 | ||
| 262 | if (!(flags & OCSP_NOTIME) && | 262 | if (!(flags & OCSP_NOTIME) && |
| 263 | !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) | 263 | !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) |
| 264 | goto err; | 264 | goto err; |
| 265 | 265 | ||
| 266 | /* Right now, I think that not doing double hashing is the right | 266 | /* Right now, I think that not doing double hashing is the right |