The tls_get_peer_cert_times function returns a certificate's notAfter
date as a time_t value.

Use the ASN1_time_tm_clamp_notafter function so that, when SMALL_TIME_T
is defined for a portable build, tls_get_peer_cert_times does not fail
where it would otherwise succeed.

Signed-off-by: Kyle J. McKay <mack...@gmail.com>

---
 lib/libtls/tls_conninfo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 87660fa9..c8ee4f0f 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -123,7 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
                goto err;
        if ((*notbefore = timegm(&before_tm)) == -1)
                goto err;
-       if ((*notafter = timegm(&after_tm)) == -1)
+       if (!ASN1_time_tm_clamp_notafter(&after_tm) ||
+           (*notafter = timegm(&after_tm)) == -1)
                goto err;
 
        return (0);
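Review bot: The clamp rewrites after_tm in place, so on a SMALL_TIME_T build the value stored in *notafter can differ from the certificate's real notAfter, and nothing at this call site tells the caller that. Assuming the helper only ever lowers the value, expiry checks still fail closed, but a caller that logs, displays or compares the expiry date would silently get the clamped one. I would add a comment above the new condition, e.g. `/* SMALL_TIME_T builds: notafter may be clamped to the largest representable time_t; treat it as a lower bound on the real expiry. */`, and say the same wherever tls_get_peer_cert_times is documented. The notbefore conversion two lines up is left unclamped, which looks intentional but is worth confirming; the function body starts and ends outside this hunk.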

-- 
