From 80b25efa407f15c1c21323b7e512e2e051c0f5e3 Mon Sep 17 00:00:00 2001
From: Moriyoshi Koizumi <mozo@mozo.jp>
Date: Thu, 22 Jun 2017 00:54:20 +0900
Subject: Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME (#612)

* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL.

* Require cryptography >= 1.9
---
 setup.py              |  2 +-
 src/OpenSSL/crypto.py | 14 +++-----------
 tox.ini               |  2 +-
 3 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/setup.py b/setup.py
index 97aa209..4f30804 100755
--- a/setup.py
+++ b/setup.py
@@ -96,7 +96,7 @@ if __name__ == "__main__":
         package_dir={"": "src"},
         install_requires=[
             # Fix cryptographyMinimum in tox.ini when changing this!
-            "cryptography>=1.7",
+            "cryptography>=1.9",
             "six>=1.5.2"
         ],
     )
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 3ef0e9b..3404172 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -103,7 +103,7 @@ def _set_asn1_time(boundary, when):
     """
     The the time value of an ASN1 time object.
 
-    @param boundary: An ASN1_GENERALIZEDTIME pointer (or an object safely
+    @param boundary: An ASN1_TIME pointer (or an object safely
         castable to that type) which will have its value set.
     @param when: A string representation of the desired time value.
 
@@ -116,17 +116,9 @@ def _set_asn1_time(boundary, when):
     if not isinstance(when, bytes):
         raise TypeError("when must be a byte string")
 
-    set_result = _lib.ASN1_GENERALIZEDTIME_set_string(
-        _ffi.cast('ASN1_GENERALIZEDTIME*', boundary), when)
+    set_result = _lib.ASN1_TIME_set_string(boundary, when)
     if set_result == 0:
-        dummy = _ffi.gc(_lib.ASN1_STRING_new(), _lib.ASN1_STRING_free)
-        _lib.ASN1_STRING_set(dummy, when, len(when))
-        check_result = _lib.ASN1_GENERALIZEDTIME_check(
-            _ffi.cast('ASN1_GENERALIZEDTIME*', dummy))
-        if not check_result:
-            raise ValueError("Invalid string")
-        else:
-            _untested_error()
+        raise ValueError("Invalid string")
 
 
 def _get_asn1_time(timestamp):
diff --git a/tox.ini b/tox.ini
index 1141261..9248041 100644
--- a/tox.ini
+++ b/tox.ini
@@ -9,7 +9,7 @@ deps =
     coverage>=4.2
     pytest>=3.0.1
     cryptographyMaster: git+https://github.com/pyca/cryptography.git
-    cryptographyMinimum: cryptography<1.8
+    cryptographyMinimum: cryptography<=1.9
 setenv =
     # Do not allow the executing environment to pollute the test environment
     # with extra packages.
-- 
cgit v1.2.1