Continued patches so certificates and CRLs now can support and use

GeneralizedTime.

4 files changed, 36 insertions, 19 deletions

diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index bfee6f66a7..060f99d5a8 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -146,9 +146,9 @@ X509 *x;
 	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
 	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
 	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
 	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+	if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
 	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
 	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
 	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
diff --git a/crypto/asn1/x_cinf.c b/crypto/asn1/x_cinf.c
index 99b9fe7b9f..88099ea9f7 100644
--- a/crypto/asn1/x_cinf.c
+++ b/crypto/asn1/x_cinf.c
@@ -147,7 +147,14 @@ long length;
 		M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
 			V_ASN1_BIT_STRING);
 		}
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
 	if (ver >= 2) /* version 3 extensions */
+#endif
 		{
 		if (ret->extensions != NULL)
 			while (sk_num(ret->extensions))
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 5e1fa796bd..8629a73f8c 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -85,13 +85,13 @@ unsigned char **pp;
 	M_ASN1_I2D_vars(a);
 
 	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
 	M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_seq_total();
 
 	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
 	M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
 
 	M_ASN1_I2D_finish();
@@ -107,7 +107,7 @@ long length;
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
 	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
 	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
 		X509_EXTENSION_free);
 	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
@@ -130,9 +130,9 @@ unsigned char **pp;
 		}
 	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
 	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
 	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
+		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
 	M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
 	M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0,
 		V_ASN1_SEQUENCE,v1);
@@ -177,8 +177,18 @@ long length;
 		}
 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
 	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
+	/* Manually handle the OPTIONAL ASN1_TIME stuff */
+	if((c.slen != 0) && 
+		( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+			 V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
+		|| ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+			 V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) ) {
+		M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
+	}
+	if(!ret->nextUpdate) 
+		M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
+							V_ASN1_GENERALIZEDTIME);
 	if (ret->revoked != NULL)
 		{
 		while (sk_num(ret->revoked))
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
index 8d996e9950..f6534a6a5c 100644
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -71,13 +71,13 @@ unsigned char **pp;
 	{
 	M_ASN1_I2D_vars(a);
 
-	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
 
 	M_ASN1_I2D_seq_total();
 
-	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
+	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
 
 	M_ASN1_I2D_finish();
 	}
@@ -91,8 +91,8 @@ long length;
 
 	M_ASN1_D2I_Init();
 	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
+	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
 	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
 	}
 
@@ -102,8 +102,8 @@ X509_VAL *X509_VAL_new()
 	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_VAL);
-	M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
-	M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+	M_ASN1_New(ret->notBefore,ASN1_TIME_new);
+	M_ASN1_New(ret->notAfter,ASN1_TIME_new);
 	return(ret);
 	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
 	}
@@ -112,8 +112,8 @@ void X509_VAL_free(a)
 X509_VAL *a;
 	{
 	if (a == NULL) return;
-	ASN1_UTCTIME_free(a->notBefore);
-	ASN1_UTCTIME_free(a->notAfter);
+	ASN1_TIME_free(a->notBefore);
+	ASN1_TIME_free(a->notAfter);
 	Free((char *)a);
 	}