WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit e254d12c authored Jan 14, 2016 by Dr. Stephen Henson

To avoid possible time_t overflow use X509_time_adj_ex()



Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 9aa00b18)

Conflicts:
	apps/x509.c

parent 8788fb97

apps/ocsp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE *resp, OCSP_REQUEST req,
		bs = OCSP_BASICRESP_new();
		thisupd = X509_gmtime_adj(NULL, 0);
		if (ndays != -1)
		nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
		nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);

		/* Examine each certificate id in the request */
		for (i = 0; i < id_count; i++) {

apps/x509.c

+1 −6

Original line number	Diff line number	Diff line
		@@ -1226,12 +1226,7 @@ static int sign(X509 x, EVP_PKEY pkey, int days, int clrext,
		if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
		goto err;

		/* Lets just make it 12:00am GMT, Jan 1 1970 */
		/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
		/* 28 days to be certified */

		if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
		NULL)
		if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
		goto err;

		if (!X509_set_pubkey(x, pkey))