From 7bbf74b4a508718799c37fccc2c2c8708e599b8d Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 13 Nov 2023 10:51:49 +0000
Subject: Remove ASN1_time_parse() dependency in tls_conninfo.c

During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is
a step towards removing the dependency of libtls on ASN1_time_parse().
The latter grew a dependency on CBS/CBB, and thus the choice is to pull
in all this code or to use a no longer maintained version of the API.
Both options are unappealing.

ok beck
---
 src/lib/libtls/tls_conninfo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index b2aadab083..90fdfacad3 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.23 2023/05/14 07:26:25 op Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -117,9 +117,9 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 		goto err;
 	if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
 		goto err;
-	if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1)
+	if (!ASN1_TIME_to_tm(before, &before_tm))
 		goto err;
-	if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
+	if (!ASN1_TIME_to_tm(after, &after_tm))
 		goto err;
 	if (!ASN1_time_tm_clamp_notafter(&after_tm))
 		goto err;
-- 
cgit v1.2.3-55-g6feb