The tls_get_peer_cert_times function returns a certificate's notAfter date as a time_t value.
Make use of the ASN1_time_tm_clamp_notafter function so that when SMALL_TIME_T has been defined for a portable build tls_get_peer_cert_times does not fail when it would otherwise succeed.
Signed-off-by: Kyle J. McKay <mack...@gmail.com>
---
 lib/libtls/tls_conninfo.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 87660fa9..c8ee4f0f 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -123,7 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 goto err;
 if ((*notbefore = timegm(&before_tm)) == -1)
 goto err;
- if ((*notafter = timegm(&after_tm)) == -1)
+ if (!ASN1_time_tm_clamp_notafter(&after_tm) ||
+ (*notafter = timegm(&after_tm)) == -1)
 goto err;

 return (0);
--
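Review bot: With the clamp folded into the notAfter condition, a SMALL_TIME_T build can (if the helper clamps as its name says) hand back a `*notafter` that is earlier than the certificate's real expiry, and the caller cannot tell a clamped value from a genuine one. The direction is the safe one, since a certificate is never reported as valid for longer than it is, but it deserves a comment above the condition, e.g. `/* SMALL_TIME_T: a notAfter beyond the time_t range is clamped, so *notafter may be earlier than the certificate's real expiry */`. The notBefore conversion two lines up is left unclamped, so an out-of-range notBefore presumably still takes the `err` path; worth confirming that asymmetry is intended. The diffstat shows only the two condition lines added, so no include or prototype comes with this patch: check that a header tls_conninfo.c already includes declares `ASN1_time_tm_clamp_notafter` and that libcrypto exports it to libtls. The body of tls_get_peer_cert_times starts before the hunk, so the earlier conversions were not reviewed here.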