1 files changed, 35 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 48bb89fe63..1e134bfe59 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -119,6 +119,37 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
        return (0);
 }
+static int
+tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter)
+{
+        struct tm before_tm, after_tm;
+        ASN1_TIME *before, *after;
+        int rv = -1;
+        memset(&before_tm, 0, sizeof(before_tm));
+        memset(&after_tm, 0, sizeof(after_tm));
+        if (ctx->ssl_peer_cert != NULL) {
+                if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
+                        goto err;
+                if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
+                        goto err;
+                if (asn1_time_parse(before->data, before->length, &before_tm, 0)
+                    == -1)
+                        goto err;
+                if (asn1_time_parse(after->data, after->length, &after_tm, 0)
+                    == -1)
+                        goto err;
+                if ((*notbefore = timegm(&before_tm)) == -1)
+                        goto err;
+                if ((*notafter = timegm(&after_tm)) == -1)
+                        goto err;
+        }
+        rv = 0;
+ err:
+        return (rv);
+}
 int
 tls_get_conninfo(struct tls *ctx) {
        const char * tmp;
@@ -130,6 +161,9 @@ tls_get_conninfo(struct tls *ctx) {
                        goto err;
                if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
                        goto err;
+                if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
+                    &ctx->conninfo->notafter) == -1)
+                        goto err;
        }
        if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
                goto err;

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c index 48bb89fe63..1e134bfe59 100644 --- a/src/lib/libtls/tls_conninfo.c +++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */	1	/* $OpenBSD: tls_conninfo.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -119,6 +119,37 @@ tls_get_peer_cert_subject(struct tls ctx, char *subject)
119	return (0);	119	return (0);
120	}	120	}
121		121
		122	static int
		123	tls_get_peer_cert_times(struct tls ctx, time_t notbefore, time_t *notafter)
		124	{
		125	struct tm before_tm, after_tm;
		126	ASN1_TIME before, after;
		127	int rv = -1;
		128
		129	memset(&before_tm, 0, sizeof(before_tm));
		130	memset(&after_tm, 0, sizeof(after_tm));
		131
		132	if (ctx->ssl_peer_cert != NULL) {
		133	if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
		134	goto err;
		135	if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
		136	goto err;
		137	if (asn1_time_parse(before->data, before->length, &before_tm, 0)
		138	== -1)
		139	goto err;
		140	if (asn1_time_parse(after->data, after->length, &after_tm, 0)
		141	== -1)
		142	goto err;
		143	if ((*notbefore = timegm(&before_tm)) == -1)
		144	goto err;
		145	if ((*notafter = timegm(&after_tm)) == -1)
		146	goto err;
		147	}
		148	rv = 0;
		149	err:
		150	return (rv);
		151	}
		152
122	int	153	int
123	tls_get_conninfo(struct tls *ctx) {	154	tls_get_conninfo(struct tls *ctx) {
124	const char * tmp;	155	const char * tmp;
@@ -130,6 +161,9 @@ tls_get_conninfo(struct tls *ctx) {
130	goto err;	161	goto err;
131	if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)	162	if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
132	goto err;	163	goto err;
		164	if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
		165	&ctx->conninfo->notafter) == -1)
		166	goto err;
133	}	167	}
134	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)	168	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
135	goto err;	169	goto err;