From 783006207145068e182de503ec58feabf7c79aaf Mon Sep 17 00:00:00 2001 From: beck <> Date: Sat, 25 Jun 2016 16:10:26 +0000 Subject: Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses Generalized Time on requests as per RFC6960 --- src/lib/libcrypto/ocsp/ocsp_srv.c | 4 ++-- src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c index 8f28916757..1f8aa3141e 100644 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ b/src/lib/libcrypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) goto err; /* Right now, I think that not doing double hashing is the right diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c index 8f28916757..1f8aa3141e 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) goto err; /* Right now, I think that not doing double hashing is the right -- cgit v1.2.3-55-g6feb