diff options
Diffstat (limited to 'tls_conninfo.c')
| -rw-r--r-- | tls_conninfo.c | 57 |
1 files changed, 52 insertions, 5 deletions
diff --git a/tls_conninfo.c b/tls_conninfo.c index 4d9ae29..72d60c2 100644 --- a/tls_conninfo.c +++ b/tls_conninfo.c @@ -17,14 +17,13 @@ */ #include <stdio.h> +#include <string.h> #include <openssl/x509.h> #include <tls.h> #include "tls_internal.h" -int ASN1_time_tm_clamp_notafter(struct tm *tm); - int tls_hex_string(const unsigned char *in, size_t inlen, char **out, size_t *outlen) @@ -103,6 +102,54 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject) } static int +time_tm_cmp(struct tm *tm1, struct tm *tm2) +{ + if (tm1->tm_year < tm2->tm_year) + return (-1); + if (tm1->tm_year > tm2->tm_year) + return (1); + if (tm1->tm_mon < tm2->tm_mon) + return (-1); + if (tm1->tm_mon > tm2->tm_mon) + return (1); + if (tm1->tm_mday < tm2->tm_mday) + return (-1); + if (tm1->tm_mday > tm2->tm_mday) + return (1); + if (tm1->tm_hour < tm2->tm_hour) + return (-1); + if (tm1->tm_hour > tm2->tm_hour) + return (1); + if (tm1->tm_min < tm2->tm_min) + return (-1); + if (tm1->tm_min > tm2->tm_min) + return (1); + if (tm1->tm_sec < tm2->tm_sec) + return (-1); + if (tm1->tm_sec > tm2->tm_sec) + return (1); + return 0; +} + +static int +time_tm_clamp_notafter(struct tm *tm) +{ +#ifdef SMALL_TIME_T + struct tm broken_os_epoch_tm; + time_t broken_os_epoch_time = INT_MAX; + + if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL) + return 0; + + if (time_tm_cmp(tm, &broken_os_epoch_tm) == 1) + memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); +#else + (void)time_tm_cmp; +#endif + return 1; +} + +static int tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter) { @@ -116,11 +163,11 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL) goto err; - if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1) + if (ASN1_TIME_to_tm(before, &before_tm) == 0) goto err; - if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1) + if (ASN1_TIME_to_tm(after, &after_tm) == 0) goto err; - if (!ASN1_time_tm_clamp_notafter(&after_tm)) + if (!time_tm_clamp_notafter(&after_tm)) goto err; if ((*notbefore = timegm(&before_tm)) == -1) goto err; |