Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls

can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
author: beck <> 2017-08-27 01:39:26 +0000
committer: beck <> 2017-08-27 01:39:26 +0000
commit: ec59f338ce2a8842a8478c243e444aefb1459dfa (patch)
tree: d1b38b4c95049fecffbe49d28ff755942f4edad7
parent: 4d875aa977b8bbe9969527101d0f2d7d67a77b0b (diff)
download: openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.tar.gz
openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.tar.bz2
openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.zip
4 files changed, 10 insertions, 5 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 2b8557b16a..94442cc5e3 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -214,6 +214,7 @@ ASN1_template_free
 ASN1_template_i2d
 ASN1_template_new
 ASN1_time_parse
+ASN1_time_tm_clamp_notafter
 ASN1_time_tm_cmp
 ASN1_unpack_string
 AUTHORITY_INFO_ACCESS_free
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 68f71dfc4a..aa35f7b8fc 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.9 2017/08/13 19:47:49 beck Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.10 2017/08/27 01:39:26 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -152,6 +152,4 @@ struct x509_crl_method_st {
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
 __END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 23ecf63d60..8efff680c1 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.65 2017/08/13 19:47:49 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.66 2017/08/27 01:39:26 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -143,6 +143,8 @@ static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time,
 static int internal_verify(X509_STORE_CTX *ctx);
+int ASN1_time_tm_clamp_notafter(struct tm *tm);
 static int
 null_callback(int ok, X509_STORE_CTX *e)
 {
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 87660fa989..e3820988e8 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.15 2017/04/05 03:19:22 beck Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.16 2017/08/27 01:39:26 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,6 +23,8 @@
 #include <tls.h>
 #include "tls_internal.h"
+int ASN1_time_tm_clamp_notafter(struct tm *tm);
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
    size_t *outlen)
@@ -121,6 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
                goto err;
        if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
                goto err;
+        if (!ASN1_time_tm_clamp_notafter(&after_tm))
+                goto err;
        if ((*notbefore = timegm(&before_tm)) == -1)
                goto err;
        if ((*notafter = timegm(&after_tm)) == -1)
author	beck <>	2017-08-27 01:39:26 +0000
committer	beck <>	2017-08-27 01:39:26 +0000
commit	ec59f338ce2a8842a8478c243e444aefb1459dfa (patch)
tree	d1b38b4c95049fecffbe49d28ff755942f4edad7
parent	4d875aa977b8bbe9969527101d0f2d7d67a77b0b (diff)
download	openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.tar.gz openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.tar.bz2 openbsd-ec59f338ce2a8842a8478c243e444aefb1459dfa.zip