| author | June McEnroe <june@causal.agency> | 2026-06-01 14:42:49 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2026-06-01 14:42:49 -0400 |
| commit | d08958f5d2c4d71d8132ea5c6cb45e48b5c4d83d (patch) | |
| tree | 01f7eb5bc8d9d0e708ec077364a6b3fda7f1bdde /tls_conninfo.c | |
| parent | Import LibreSSL 3.9.2 (diff) | |
Import LibreSSL 4.0.0
Diffstat (limited to 'tls_conninfo.c')
| -rw-r--r-- | tls_conninfo.c | 30 |
1 files changed, 21 insertions, 9 deletions
diff --git a/tls_conninfo.c b/tls_conninfo.c
index 90fdfac..bf52517 100644
--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.27 2024/03/26 06:31:22 jsing Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -19,12 +19,27 @@
 #include <stdio.h>
 #include <string.h>
+#include <openssl/posix_time.h>
 #include <openssl/x509.h>
 #include <tls.h>
 #include "tls_internal.h"
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
+static int
+tls_convert_notafter(struct tm *tm, time_t *out_time)
+{
+ int64_t posix_time;
+
+ /* OPENSSL_timegm() fails if tm is not representable in a time_t */
+ if (OPENSSL_timegm(tm, out_time))
+ return 1;
+ if (!OPENSSL_tm_to_posix(tm, &posix_time))
+ return 0;
+ if (posix_time < INT32_MIN)
+ return 0;
+ *out_time = (posix_time > INT32_MAX) ? INT32_MAX : posix_time;
+ return 1;
+}
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
@@ -64,7 +79,7 @@ tls_get_peer_cert_hash(struct tls *ctx, char **hash)
 return (0);
 if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) {
- tls_set_errorx(ctx, "unable to compute peer certificate hash - out of memory");
+ tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
 *hash = NULL;
 return -1;
 }
@@ -121,13 +136,10 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 goto err;
 if (!ASN1_TIME_to_tm(after, &after_tm))
 goto err;
- if (!ASN1_time_tm_clamp_notafter(&after_tm))
+ if (!tls_convert_notafter(&after_tm, notafter))
 goto err;
- if ((*notbefore = timegm(&before_tm)) == -1)
+ if (!OPENSSL_timegm(&before_tm, notbefore))
 goto err;
- if ((*notafter = timegm(&after_tm)) == -1)
- goto err;
-
 return (0);
 err:
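Review bot: `tls_convert_notafter()` in the `@@ -19,12 +19,27 @@` hunk has no contract comment, and it returns 1 on success and 0 on failure while tls_get_peer_cert_hash, visible in the next hunk, signals failure with `return -1;`. A short header would make both the convention and the clamp explicit, e.g. `/* Returns 1 on success, 0 on failure. If OPENSSL_timegm() fails, a time above INT32_MAX is clamped to INT32_MAX and one below INT32_MIN is rejected. */`. The clamp matters to anyone using notafter for an expiry decision: on the fallback path a far-future notAfter is reported as INT32_MAX, so the value is a lower bound on the certificate's real expiry rather than the expiry itself.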
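Review bot: In the tls_get_peer_cert_times hunk, `tls_convert_notafter(&after_tm, notafter)` writes through `notafter` before `OPENSSL_timegm(&before_tm, notbefore)` has been checked, so a notBefore failure reaches `err:` with `*notafter` already stored. The function starts before this hunk and the code after `err:` is outside it, so whether the outputs are reset there cannot be confirmed from here; if they are not, a comment on the function such as `/* On failure *notbefore and *notafter are unspecified. */` would tell callers not to read them. The two bounds are also handled asymmetrically: an out-of-range notAfter is clamped, while a notBefore that OPENSSL_timegm() cannot convert fails the whole call, which deserves a one-line why-comment next to the `OPENSSL_timegm` check.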
@@ -233,7 +245,7 @@ tls_conninfo_populate(struct tls *ctx)
 tls_conninfo_free(ctx->conninfo);
 if ((ctx->conninfo = calloc(1, sizeof(struct tls_conninfo))) == NULL) {
- tls_set_errorx(ctx, "out of memory");
+ tls_set_errorx(ctx, TLS_ERROR_OUT_OF_MEMORY, "out of memory");
 goto err;
 } |