The branch OpenSSL_1_1_0-stable has been updated
via 48345917747a34feea3da2936994a265c7f2ca11 (commit)
from b6d6b4cd37bf92fded03a0babb80a639b95e96c8 (commit)
- Log -----------------------------------------------------------------
commit 48345917747a34feea3da2936994a265c7f2ca11
Author: Emilia Kasper <emi...@openssl.org>
Date: Mon Dec 18 18:41:05 2017 +0100
X509_cmp_time: only return 1, 0, -1.
The behaviour of X509_cmp_time used to be undocumented.
The new behaviour, documented in master, is to return only 0, 1, or -1.
Make the code in the other branches to adhere to this behaviour too,
to reduce confusion. There is nothing to be gained from returning
other values.
Fixes GH#4954
Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4955)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3018c69..b9b36c4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1865,10 +1865,11 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t
*cmp_time)
return 1;
}
i = strcmp(buff1, buff2);
- if (i == 0) /* wait a second then return younger :-) */
- return -1;
- else
- return i;
+ /*
+ * X509_cmp_time comparison is <=.
+ * The return value 0 is reserved for errors.
+ */
+ return i > 0 ? 1 : -1;
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
