-rw-r--r-- | src/usr.bin/openssl/ca.c | 26 |
1 files changed, 3 insertions, 23 deletions
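--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.56 2023/07/02 07:08:57 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.57 2023/11/13 12:43:08 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -607,26 +607,6 @@ static const struct option ca_options[] = {
 { NULL },
 };
 
-/*
-* Set a certificate time based on user provided input. Make sure
-* what we put in the certificate is legit for RFC 5280. Returns
-* 0 on success, -1 on an invalid time string. Strings must be
-* YYYYMMDDHHMMSSZ for post 2050 dates. YYYYMMDDHHMMSSZ or
-* YYMMDDHHMMSSZ is accepted for pre 2050 dates, and fixed up to
-* be the correct format in the certificate.
-*/
-static int
-setCertificateTime(ASN1_TIME *x509time, char *timestring)
-{
-struct tm tm1;
-
-if (ASN1_time_parse(timestring, strlen(timestring), &tm1, 0) == -1)
-return (-1);
-if (!ASN1_TIME_set_tm(x509time, &tm1))
-return (-1);
-return 0;
-}
-
 static void
 ca_usage(void)
 {
@@ -1985,7 +1965,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 if (strcmp(startdate, "today") == 0) {
 if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL)
 goto err;
-} else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {
+} else if (!ASN1_TIME_set_string_X509(X509_get_notBefore(ret), startdate)) {
 BIO_printf(bio_err, "Invalid start date %s\n", startdate);
 goto err;
 }
@@ -1994,7 +1974,7 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0,
 NULL) == NULL)
 goto err;
-} else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {
+} else if (!ASN1_TIME_set_string_X509(X509_get_notAfter(ret), enddate)) {
 BIO_printf(bio_err, "Invalid end date %s\n", enddate);
 goto err;
 }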
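Review bot: Nothing at the `startdate` call (new line 1968) or the `enddate` call (new line 1977) now says which date strings are accepted, because the deleted block comment on `setCertificateTime()` was the only place in the visible code that stated it. If the library call keeps the same contract, a short comment above the first call would preserve it, e.g. `/* startdate/enddate: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; dates from 2050 on need the four-digit year (RFC 5280). */`. It is also worth confirming, outside these hunks, that `X509_get_notBefore(ret)` and `X509_get_notAfter(ret)` cannot be NULL here: as far as I know `ASN1_TIME_set_string_X509()` treats a NULL destination as a format check only and still returns success, which would leave the validity field unset without an error. `do_body()` begins and ends outside the hunks shown.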