The branch OpenSSL_1_0_2-stable has been updated
via e254d12c439c3e50dfccc98e3414c3e1849792f5 (commit)
from 8788fb97a89181a538032af361343195f81e4f1e (commit)
- Log -----------------------------------------------------------------
commit e254d12c439c3e50dfccc98e3414c3e1849792f5
Author: Dr. Stephen Henson <[email protected]>
Date: Thu Jan 14 00:25:25 2016 +0000
To avoid possible time_t overflow use X509_time_adj_ex()
Reviewed-by: Viktor Dukhovni <[email protected]>
(cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973)
Conflicts:
apps/x509.c
-----------------------------------------------------------------------
Summary of changes:
apps/ocsp.c | 2 +-
apps/x509.c | 7 +------
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 6ed255d..5da51df 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp,
OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+ nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) {
diff --git a/apps/x509.c b/apps/x509.c
index 864a60d..7c215bc 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int
clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err;
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
- NULL)
+ if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
goto err;
if (!X509_set_pubkey(x, pkey))
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
