On Thu, Oct 17, 2019 at 08:07:18AM -0300, Alexandre Hamada wrote: > Hi Claudio, > > Thanks for this, much appreciated. > > This is a much cleaner solution, I really liked it. > > I've tested both versions against a brand new manifest, and it is working > well.
Thanks for testing. Did you manage to trigger warnings with the original version (the one using mktime())? I was not really abel to trigger them but my guess is that CEST is just to close to GMT. > One thing about this patch, at mft_parse_econtent() there are some unused > variables left (this, next, now and buf[64]). Good point. I removed them in my tree. > Thanks again and regards, > Alexandre Hamada > > > On 16/10/2019 17:47, Claudio Jeker wrote: > > On Wed, Oct 16, 2019 at 07:26:25AM -0300, Alexandre Hamada wrote: > > > Hi Tech, > > > I would like to suggest to use UTC functions on all date/time convertions, > > > to avoid some clock drift errors. > > > > > > Kind regards, > > > Alexandre Hamada > > > > > > https://patch-diff.githubusercontent.com/raw/kristapsdz/rpki-client/pull/9.patch > > > > > > From a463f8cb23375f15b74eff49a06e8934423e3dbf Mon Sep 17 00:00:00 2001 > > > From: dev-gto <[email protected]> > > > Date: Wed, 16 Oct 2019 07:22:46 -0300 > > > Subject: [PATCH] Avoid local time conversion > > > > > > --- > > > mft.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/mft.c b/mft.c > > > index f9176b4..738f3ff 100644 > > > --- a/mft.c > > > +++ b/mft.c > > > @@ -75,8 +75,8 @@ gentime2time(struct parse *p, const > > > ASN1_GENERALIZEDTIME *tp) > > > memset(&tm, 0, sizeof(struct tm)); > > > if (strptime(buf, "%b %d %T %Y %Z", &tm) == NULL) > > > errx(EXIT_FAILURE, "%s: strptime", buf); > > > - if ((t = mktime(&tm)) == -1) > > > - errx(EXIT_FAILURE, "%s: mktime", buf); > > > + if ((t = timegm(&tm)) == -1) > > > + errx(EXIT_FAILURE, "%s: timegm", buf); > > > return t; > > > } > > > > > Hi Alexandre, > > > > How about this diff instead. This is inspired by OCSP_check_validity() and > > uses ASN1_GENERALIZEDTIME_check() and X509_cmp_time() to do the validity > > check. I think this has a way better chance to produce the expected > > results. My quick testing seems to indicate that it works but review and > > testing is very welcome. > > > -- :wq Claudio
