diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-11-13 10:56:20 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-11-13 10:56:20 +0000 |
| commit | 36ea07289753a7483a07a2413ec026574f04e597 (patch) | |
| tree | bee87f11d88bf0234c2833bab4ae38c9f670f06f /lib/libtls | |
| parent | 81eea1ff33dccf10a5cba418f1a1a468514d50ff (diff) | |
Remove last caller of ASN1_time_parse(3) in libtls
This one is slightly annoying since ASN1_TIME_to_tm(3) doesn't provide a
direct check for a GeneralizedTime, so call ASN1_GENERALIZEDTIME_check()
as well. This means LibreSSL parses the time twice. Shrug.
ok beck
Diffstat (limited to 'lib/libtls')
| -rw-r--r-- | lib/libtls/tls_ocsp.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index acf6935a520..c7eb3e59869 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ocsp.c,v 1.23 2023/05/14 07:26:25 op Exp $ */ +/* $OpenBSD: tls_ocsp.c,v 1.24 2023/11/13 10:56:19 tb Exp $ */ /* * Copyright (c) 2015 Marko Kreen <markokr@gmail.com> * Copyright (c) 2016 Bob Beck <beck@openbsd.org> @@ -64,8 +64,9 @@ tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_t if (gt == NULL) return -1; /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ - if (ASN1_time_parse(gt->data, gt->length, &tm, - V_ASN1_GENERALIZEDTIME) == -1) + if (!ASN1_GENERALIZEDTIME_check(gt)) + return -1; + if (!ASN1_TIME_to_tm(gt, &tm)) return -1; if ((*gt_time = timegm(&tm)) == -1) return -1; |