[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Dr. Stephen Henson steve at openssl.org
Thu Jan 14 03:12:05 UTC 2016


The branch OpenSSL_1_0_1-stable has been updated
       via  00cebd11317344989aeb9025202c2536b1490856 (commit)
      from  f5fc9404c231ed013e31c0284adcacfb0f71b86b (commit)


- Log -----------------------------------------------------------------
commit 00cebd11317344989aeb9025202c2536b1490856
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Thu Jan 14 00:25:25 2016 +0000

    To avoid possible time_t overflow use X509_time_adj_ex()
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (cherry picked from commit 9aa00b187a65b1f30789d6274ec31ea86efe7973)
    
    Conflicts:
    	apps/x509.c

-----------------------------------------------------------------------

Summary of changes:
 apps/ocsp.c | 2 +-
 apps/x509.c | 7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 9fd9568..bb420c2 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -1003,7 +1003,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
     bs = OCSP_BASICRESP_new();
     thisupd = X509_gmtime_adj(NULL, 0);
     if (ndays != -1)
-        nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
 
     /* Examine each certificate id in the request */
     for (i = 0; i < id_count; i++) {
diff --git a/apps/x509.c b/apps/x509.c
index 929359b..e5fe610 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1170,12 +1170,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
     if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
         goto err;
 
-    /* Lets just make it 12:00am GMT, Jan 1 1970 */
-    /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
-    /* 28 days to be certified */
-
-    if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
-        NULL)
+    if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
         goto err;
 
     if (!X509_set_pubkey(x, pkey))


More information about the openssl-commits mailing list