Commit e254d12c authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

To avoid possible time_t overflow use X509_time_adj_ex() 



Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 9aa00b18)

Conflicts:
	apps/x509.c
parent 8788fb97

apps/ocsp.c

+1 −1
Original line number Diff line number Diff line
@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, 
    bs = OCSP_BASICRESP_new();

    thisupd = X509_gmtime_adj(NULL, 0);

    if (ndays != -1)

        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);

        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);



    /* Examine each certificate id in the request */

    for (i = 0; i < id_count; i++) {

apps/x509.c

+1 −6
Original line number Diff line number Diff line
@@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, 
    if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)

        goto err;



    /* Lets just make it 12:00am GMT, Jan 1 1970 */

    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */

    /* 28 days to be certified */



    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==

        NULL)

    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)

        goto err;



    if (!X509_set_pubkey(x, pkey))