The branch OpenSSL_1_0_2-stable has been updated
via 3dc160e9be6dcaeec9345fbb61b1c427d7026103 (commit)
from cdddc96d5defb418457b91817650971311816298 (commit)
- Log -----------------------------------------------------------------
commit 3dc160e9be6dcaeec9345fbb61b1c427d7026103
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri Jul 29 17:54:52 2016 +0100
Fix CRL time comparison.
Thanks to David Benjamin <david...@google.com> for reporting this bug.
Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit e032117db251968bd09badc7d4718c2497302e55)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5873ad4..ade5985 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1130,7 +1130,11 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL
**pcrl, X509_CRL **pdcrl,
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
X509_CRL_get_lastUpdate(crl)) == 0)
continue;
- if (day < 0 || sec <= 0)
+ /*
+ * ASN1_TIME_diff never returns inconsistent signs for |day|
+ * and |sec|.
+ */
+ if (day <= 0 && sec <= 0)
continue;
}
best_crl = crl;
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
