Better type for x509 -checkend argument

This is a time_t and can be zero or negative.  So use 'M' (maximal
signed int) not 'p' (positive int).

Reviewed-by: Rich Salz <rsalz@openssl.org>

1 files changed, 10 insertions, 3 deletions

diff --git a/apps/x509.c b/apps/x509.c
index 7a688a9dfe..a8d0686a6b 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -152,7 +152,7 @@ OPTIONS x509_options[] = {
     {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
     {"days", OPT_DAYS, 'n',
      "How long till expiry of a signed certificate - def 30 days"},
-    {"checkend", OPT_CHECKEND, 'p',
+    {"checkend", OPT_CHECKEND, 'M',
      "Check whether the cert expires in the next arg seconds"},
     {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
     {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
@@ -225,7 +225,8 @@ int x509_main(int argc, char **argv)
     int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
     int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
     int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
-    int checkoffset = 0, enddate = 0;
+    int enddate = 0;
+    time_t checkoffset = 0;
     unsigned long nmflag = 0, certflag = 0;
     char nmflag_set = 0;
     OPTION_CHOICE o;
@@ -466,8 +467,14 @@ int x509_main(int argc, char **argv)
             enddate = ++num;
             break;
         case OPT_CHECKEND:
-            checkoffset = atoi(opt_arg());
             checkend = 1;
+            if (!opt_imax(opt_arg(), &checkoffset))
+                goto opthelp;
+            if (checkoffset != (time_t)checkoffset) {
+                BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
             break;
         case OPT_CHECKHOST:
             checkhost = opt_arg();