Commit 56087077 authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Better type for x509 -checkend argument 



This is a time_t and can be zero or negative.  So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 04b08fbc

apps/x509.c

+10 −3
Original line number Diff line number Diff line
@@ -152,7 +152,7 @@ OPTIONS x509_options[] = { 
    {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},

    {"days", OPT_DAYS, 'n',

     "How long till expiry of a signed certificate - def 30 days"},

    {"checkend", OPT_CHECKEND, 'p',

    {"checkend", OPT_CHECKEND, 'M',

     "Check whether the cert expires in the next arg seconds"},

    {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},

    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
@@ -225,7 +225,8 @@ int x509_main(int argc, char **argv) 
    int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;

    int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;

    int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;

    int checkoffset = 0, enddate = 0;

    int enddate = 0;

    time_t checkoffset = 0;

    unsigned long nmflag = 0, certflag = 0;

    char nmflag_set = 0;

    OPTION_CHOICE o;
@@ -466,8 +467,14 @@ int x509_main(int argc, char **argv) 
            enddate = ++num;

            break;

        case OPT_CHECKEND:

            checkoffset = atoi(opt_arg());

            checkend = 1;

            if (!opt_imax(opt_arg(), &checkoffset))

                goto opthelp;

            if (checkoffset != (time_t)checkoffset) {

                BIO_printf(bio_err, "%s: checkend time out of range %s\n",

                           prog, opt_arg());

                goto opthelp;

            }

            break;

        case OPT_CHECKHOST:

            checkhost = opt_arg();