summary refs log tree commit diff
path: root/tls_conninfo.c
diff options
context:
space:
mode:
Diffstat (limited to 'tls_conninfo.c')
-rw-r--r--tls_conninfo.c57
1 files changed, 52 insertions, 5 deletions
diff --git a/tls_conninfo.c b/tls_conninfo.c
index 4d9ae29..72d60c2 100644
--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -17,14 +17,13 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 
 #include <openssl/x509.h>
 
 #include <tls.h>
 #include "tls_internal.h"
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
-
 int
 tls_hex_string(const unsigned char *in, size_t inlen, char **out,
     size_t *outlen)
@@ -103,6 +102,54 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 }
 
 static int
+time_tm_cmp(struct tm *tm1, struct tm *tm2)
+{
+	if (tm1->tm_year < tm2->tm_year)
+		return (-1);
+	if (tm1->tm_year > tm2->tm_year)
+		return (1);
+	if (tm1->tm_mon < tm2->tm_mon)
+		return (-1);
+	if (tm1->tm_mon > tm2->tm_mon)
+		return (1);
+	if (tm1->tm_mday < tm2->tm_mday)
+		return (-1);
+	if (tm1->tm_mday > tm2->tm_mday)
+		return (1);
+	if (tm1->tm_hour < tm2->tm_hour)
+		return (-1);
+	if (tm1->tm_hour > tm2->tm_hour)
+		return (1);
+	if (tm1->tm_min < tm2->tm_min)
+		return (-1);
+	if (tm1->tm_min > tm2->tm_min)
+		return (1);
+	if (tm1->tm_sec < tm2->tm_sec)
+		return (-1);
+	if (tm1->tm_sec > tm2->tm_sec)
+		return (1);
+	return 0;
+}
+
+static int
+time_tm_clamp_notafter(struct tm *tm)
+{
+#ifdef SMALL_TIME_T
+	struct tm broken_os_epoch_tm;
+	time_t broken_os_epoch_time = INT_MAX;
+
+	if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
+		return 0;
+
+	if (time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
+		memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
+#else
+	(void)time_tm_cmp;
+#endif
+	return 1;
+}
+
+static int
 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
     time_t *notafter)
 {
@@ -116,11 +163,11 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 		goto err;
 	if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
 		goto err;
-	if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1)
+	if (ASN1_TIME_to_tm(before, &before_tm) == 0)
 		goto err;
-	if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
+	if (ASN1_TIME_to_tm(after, &after_tm) == 0)
 		goto err;
-	if (!ASN1_time_tm_clamp_notafter(&after_tm))
+	if (!time_tm_clamp_notafter(&after_tm))
 		goto err;
 	if ((*notbefore = timegm(&before_tm)) == -1)
 		goto err;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-03 02:46:18 +0000
t-pink/commit/ui-commit.c?h=1.4.0&id=f35db1cd2b75aac6952aa07713e44ca01fd89727&follow=1'>ui-commit: add support for 'commit-filter' optionLars Hjemli 2009-07-31ui-tree: add support for source-filter optionLars Hjemli 2009-07-31ui-snapshot: use cgit_{open|close}_filter() to execute compressorsLars Hjemli 2009-07-31Add generic filter/plugin infrastructureLars Hjemli 2009-07-25Add support for mime type registration and lookupLars Hjemli 2009-07-25cgit.h: keep config flags sortedLars Hjemli 2009-07-25cgitrc.5.txt: document 'embedded' and 'noheader'Lars Hjemli 2009-07-25Add support for 'noheader' optionLars Hjemli 2009-07-25cgitrc.5.txt: document 'head-include'Lars Hjemli 2009-07-25ui-blob: return 'application/octet-stream' for binary blobsLars Hjemli 2009-07-25ui-plain: Return 'application/octet-stream' for binary files.Remko Tronçon 2009-06-11use cgit_httpscheme() for atom feedDiego Ongaro 2009-06-11add cgit_httpscheme() -> http:// or https://Diego Ongaro 2009-06-07Return http statuscode 404 on unknown branchLars Hjemli 2009-06-07Add head-include configuration option.Mark Lodato 2009-03-15CGIT 0.8.2.1Lars Hjemli 2009-03-15Fix doc-related glitches in Makefile and .gitignoreLars Hjemli 2009-03-15ui-snapshot: avoid segfault when no filename is specifiedLars Hjemli 2009-03-15fix segfault when displaying empty blobsEric Wong 2009-02-19Add support for HEAD requestsLars Hjemli 2009-02-19Add support for ETag in 'plain' viewLars Hjemli 2009-02-12ui-tree: escape ascii-text properly in hexdump viewLars Hjemli 2009-02-12Makefile: add doc-related targetsLars Hjemli