Diffstat (limited to 'src/lib/libtls')
-rw-r--r--src/lib/libtls/tls_conninfo.c26
-rw-r--r--src/lib/libtls/tls_ocsp.c5
2 files changed, 22 insertions, 9 deletions
diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 90fdfacad3..08f8714ecd 100644
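--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -19,12 +19,27 @@
 #include <stdio.h>
 #include <string.h>
 
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
 #include "tls_internal.h"
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
+static int
+tls_convert_notafter(struct tm *tm, time_t *out_time)
+{
+ int64_t posix_time;
+
+ /* OPENSSL_timegm() fails if tm is not representable in a time_t */
+ if (OPENSSL_timegm(tm, out_time))
+ return 1;
+ if (!OPENSSL_tm_to_posix(tm, &posix_time))
+ return 0;
+ if (posix_time < INT32_MIN)
+ return 0;
+ *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
+ return 1;
+}
 
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
  goto err;
  if (!ASN1_TIME_to_tm(after, &after_tm))
  goto err;
- if (!ASN1_time_tm_clamp_notafter(&after_tm))
+ if (!tls_convert_notafter(&after_tm, notafter))
  goto err;
- if ((*notbefore = timegm(&before_tm)) == -1)
+ if (!OPENSSL_timegm(&before_tm, notbefore))
  goto err;
- if ((*notafter = timegm(&after_tm)) == -1)
- goto err;
-
  return (0);
 
  err: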
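Review bot: `tls_convert_notafter()` has no header comment, and its only comment sits above the success return of `OPENSSL_timegm()`, so the clamping fallback below it reads as unexplained. That fallback reports any notAfter beyond `INT32_MAX` as `INT32_MAX` and still returns 1, which a caller cannot tell apart from a certificate that really expires at that instant. Stating this and the 1/0 return convention would help, e.g. `/* Convert notAfter to a time_t; if it does not fit (presumably a 32-bit time_t), clamp to INT32_MAX instead of failing. Returns 1 on success, 0 on failure. */`. In `tls_get_peer_cert_times()` the new order also stores `*notafter` before `notbefore` is converted, so one output may already be written on the `goto err` path; the function continues outside the hunk, so whether `err:` resets the outputs is not visible here.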
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index c7eb3e5986..f7d7ba9199 100644
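--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */
+/* $OpenBSD: tls_ocsp.c,v 1.25 2024/03/24 11:30:12 beck Exp $ */
 /*
  * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
  * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -25,6 +25,7 @@
 
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 
 #include <tls.h>
@@ -68,7 +69,7 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t
  return -1;
  if (!ASN1_TIME_to_tm(gt, &tm))
  return -1;
- if ((*gt_time = timegm(&tm)) == -1)
+ if (!OPENSSL_timegm(&tm, gt_time))
  return -1;
  return 0;
 }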
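Review bot: The `OPENSSL_timegm(&tm, gt_time)` call in `tls_ocsp_asn1_parse_time()` has no clamp like the one `tls_convert_notafter()` applies in tls_conninfo.c, so an OCSP time that `time_t` cannot represent returns -1 here instead of a clamped value. Failing closed is the safer choice for revocation data, but nothing says the difference from the notAfter path is intentional. A one-line comment would record that, e.g. `/* No clamping here: an OCSP time that does not fit in time_t is a parse failure. */`. The function starts outside the hunk, so any earlier validation of `gt` is not visible.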