Commit e25233d9 authored by Rob Percival, committed by Rich Salz

Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()

parent 1871a5aa
+7 −0
@@ -13,18 +13,25 @@

#include <openssl/ct.h>
#include <openssl/err.h>
#include <time.h>

#include "ct_locl.h"

CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
    time_t epoch_time_in_s;

    if (ctx == NULL) {
        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    // Use the current time if available.
    time(&epoch_time_in_s);
    if (epoch_time_in_s != -1)
        ctx->epoch_time_in_ms = epoch_time_in_s * 1000;

    return ctx;
}
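
Review bot: In CT_POLICY_EVAL_CTX_new(), `epoch_time_in_s * 1000` is evaluated in time_t, so on a platform where time_t is 32 bits the product overflows before it is stored in ctx->epoch_time_in_ms (a current Unix time in seconds multiplied by 1000 does not fit in 32 bits). Widen before multiplying, for example `ctx->epoch_time_in_ms = (uint64_t)epoch_time_in_s * 1000;`, assuming the field is a 64-bit unsigned integer, since its declaration is not visible in this hunk. Two smaller points in the same block: compare against `(time_t)-1` rather than a bare `-1`, and use a `/* ... */` comment instead of `//` so the file still builds with C89 compilers.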

+2 −2
@@ -68,8 +68,8 @@ CT_POLICY_EVAL_CTX.

The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
timestamp is in the future". Typically, the time provided to this function will
be the current time.
timestamp is in the future". By default, this will be set to the
current time (obtained by calling time()) if possible.

The time should be in milliseconds since the Unix epoch.
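
Review bot: The new wording "if possible" leaves the failure case undocumented: when time() returns -1 the constructor skips the assignment, so the field keeps the zero written by OPENSSL_zalloc. Say here what value the context holds in that case and that callers should then set the time explicitly, because this is the value the SCT timestamp is compared against for the "issued in the future" check.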