Commit 6a71e06d authored by Rob Percival's avatar Rob Percival Committed by Richard Levitte
Browse files

CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds 



This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
parent 2094ea07

ssl/ssl_lib.c

+2 −1
Original line number Diff line number Diff line
@@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s) 
    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);

    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);

    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);

    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));

    CT_POLICY_EVAL_CTX_set_time(

            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);



    scts = SSL_get0_peer_scts(s);