authorBob Beck <beck@cvs.openbsd.org>2017-08-27 01:39:27 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-08-27 01:39:27 +0000
commit665353f72c28d1005e1aea933e46a0a45beaed03 (patch)
treefd23dc707b2628d8eea1c5d4f07b7af411c6b38f /lib/libtls/tls_conninfo.c
parent569968e775a5cbb56fcd8ac6356495fe3b4a0b16 (diff)
Make the symbol for ASN1_time_tm_clamp_notafter visible so that libtls
can call it, so that libtls can also deal with notAfter values past the realm of 32-bit time in portable
Diffstat (limited to 'lib/libtls/tls_conninfo.c')
-rw-r--r--lib/libtls/tls_conninfo.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index 87660fa9899..e3820988e82 100644
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.15 2017/04/05 03:19:22 beck Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.16 2017/08/27 01:39:26 beck Exp $ */
/*
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,6 +23,8 @@
#include <tls.h>
#include "tls_internal.h"
+int ASN1_time_tm_clamp_notafter(struct tm *tm);
+
int
tls_hex_string(const unsigned char *in, size_t inlen, char **out,
size_t *outlen)
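Review bot: The file-scope prototype `int ASN1_time_tm_clamp_notafter(struct tm *tm);` is a hand-copied declaration of a libcrypto function, so the compiler cannot check it against the definition; if the signature changes there, this file still compiles and the call becomes undefined behaviour. Declaring it once in an internal header that both the definition and libtls include would remove that risk. If it has to stay in this file, a comment such as `/* libcrypto symbol, apparently not in a public header; must match the definition. Returns 0 on failure. */` would help, where the return convention is inferred from the `!` test at the call site in the next hunk and should be confirmed. The tls_hex_string signature below the prototype is unchanged context whose body continues outside the hunk.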
@@ -121,6 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
goto err;
if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
goto err;
+ if (!ASN1_time_tm_clamp_notafter(&after_tm))
+ goto err;
if ((*notbefore = timegm(&before_tm)) == -1)
goto err;
if ((*notafter = timegm(&after_tm)) == -1)
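Review bot: The new clamp call ahead of `timegm(&after_tm)` carries no comment saying that it can change the value callers receive: judging by the commit message, on platforms with a 32-bit time_t a notAfter beyond the representable range is replaced by the latest representable time, so `*notafter` may be earlier than the certificate's real expiry. That errs in the conservative direction, but a caller that logs or displays the expiry cannot tell a clamped value from a genuine one. I would add above the call `/* Clamp notAfter to what time_t can hold so timegm() does not fail on far-future expiry dates (32-bit time_t). */` and mention the saturation in the documentation of the function that exposes this value. tls_get_peer_cert_times starts and ends outside the hunk, so what the `err` path reports on a clamp failure is not visible here.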