diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2016-01-14 00:25:25 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2016-01-14 03:02:27 +0000 |
| commit | e254d12c439c3e50dfccc98e3414c3e1849792f5 (patch) | |
| tree | 1b387021269bee57fa7217e0863e6e72f75c579d /apps | |
| parent | 8788fb97a89181a538032af361343195f81e4f1e (diff) | |
| download | openssl-new-e254d12c439c3e50dfccc98e3414c3e1849792f5.tar.gz | |
To avoid possible time_t overflow use X509_time_adj_ex()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973)
Conflicts:
apps/x509.c
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/ocsp.c | 2 | ||||
| -rw-r--r-- | apps/x509.c | 7 |
2 files changed, 2 insertions, 7 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 6ed255d4b5..5da51df514 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1041,7 +1041,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, bs = OCSP_BASICRESP_new(); thisupd = X509_gmtime_adj(NULL, 0); if (ndays != -1) - nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); + nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); /* Examine each certificate id in the request */ for (i = 0; i < id_count; i++) { diff --git a/apps/x509.c b/apps/x509.c index 864a60dda2..7c215bced0 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1226,12 +1226,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) goto err; - /* Lets just make it 12:00am GMT, Jan 1 1970 */ - /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */ - /* 28 days to be certified */ - - if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == - NULL) + if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL) goto err; if (!X509_set_pubkey(x, pkey)) |