diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-01-20 13:38:45 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-01-20 13:38:45 +0000 |
commit | ba8e28248f37d0b77742f9f200fcdf8d54d7d8b4 (patch) | |
tree | 08b16772acd289245fbb072574a6ac7b74193ada | |
parent | bfcec27d61a333ec853237dcf28cf77c7285be1f (diff) | |
download | openssl-ba8e28248f37d0b77742f9f200fcdf8d54d7d8b4.tar.gz |
Fix to stop X509_time_adj() using GeneralizedTime.
-rw-r--r-- | CHANGES | 9 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 8 |
2 files changed, 14 insertions, 3 deletions
@@ -3,6 +3,15 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). + Previously it initialised the 'type' argument to V_ASN1_UTCTIME which + effectively meant GeneralizedTime would never be used. Now it + is initialised to -1 but X509_time_adj() now has to check the value + and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or + V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. + [Steve Henson, reported by Kenneth R. Robinette + <support@securenetterm.com>] + *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously result in a zero length in the ASN1_INTEGER structure which was not consistent with the structure when d2i_ASN1_INTEGER() was used diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 32515cbcc4..73eecd6ee4 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -645,14 +645,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) { time_t t; + int type = -1; if (in_tm) t = *in_tm; else time(&t); t+=adj; - if (!s) return ASN1_TIME_set(s, t); - if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); - return ASN1_GENERALIZEDTIME_set(s, t); + if (s) type = s->type; + if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); + if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); + return ASN1_TIME_set(s, t); } int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) |