diff options
| author |   beck <beck@openbsd.org> | 2017-08-27 01:39:26 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2017-08-27 01:39:26 +0000 |
| commit | 9fdb873ddceaf45b13025652f4a88c921aa20c75 (patch) | |
| tree | 592b00d4e0c34889da49bef8efc481ae4b5e36d0 /lib/libtls/tls_conninfo.c | |
| parent | Increase the buffer sizes for user prompts to ensure that they won't be (diff) | |
| download | wireguard-openbsd-9fdb873ddceaf45b13025652f4a88c921aa20c75.tar.xz wireguard-openbsd-9fdb873ddceaf45b13025652f4a88c921aa20c75.zip | |
Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls
can get at it, so libtls can also deal with notafter's past the
realm of 32 bit time in portable
Diffstat (limited to 'lib/libtls/tls_conninfo.c')
| -rw-r--r-- | lib/libtls/tls_conninfo.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c index 87660fa9899..e3820988e82 100644 --- a/lib/libtls/tls_conninfo.c +++ b/lib/libtls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.15 2017/04/05 03:19:22 beck Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.16 2017/08/27 01:39:26 beck Exp $ */ /* * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> * Copyright (c) 2015 Bob Beck <beck@openbsd.org> @@ -23,6 +23,8 @@ #include <tls.h> #include "tls_internal.h" +int ASN1_time_tm_clamp_notafter(struct tm *tm); + int tls_hex_string(const unsigned char *in, size_t inlen, char **out, size_t *outlen) @@ -121,6 +123,8 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1) goto err; + if (!ASN1_time_tm_clamp_notafter(&after_tm)) + goto err; if ((*notbefore = timegm(&before_tm)) == -1) goto err; if ((*notafter = timegm(&after_tm)) == -1) |