[openssl-commits] [openssl] master update
Viktor Dukhovni
viktor at openssl.org
Fri Jan 29 20:38:54 UTC 2016
The branch master has been updated
via 56087077d81e2b888f4cbe7f70b2077dc5add90d (commit)
from 04b08fbc3d0db3f7c540df4f5f00d30fae27ef90 (commit)
- Log -----------------------------------------------------------------
commit 56087077d81e2b888f4cbe7f70b2077dc5add90d
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Fri Jan 29 15:27:00 2016 -0500
Better type for x509 -checkend argument
This is a time_t and can be zero or negative. So use 'M' (maximal
signed int) not 'p' (positive int).
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/x509.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/apps/x509.c b/apps/x509.c
index 7a688a9..a8d0686 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -152,7 +152,7 @@ OPTIONS x509_options[] = {
{"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
{"days", OPT_DAYS, 'n',
"How long till expiry of a signed certificate - def 30 days"},
- {"checkend", OPT_CHECKEND, 'p',
+ {"checkend", OPT_CHECKEND, 'M',
"Check whether the cert expires in the next arg seconds"},
{OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
{"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
@@ -225,7 +225,8 @@ int x509_main(int argc, char **argv)
int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
- int checkoffset = 0, enddate = 0;
+ int enddate = 0;
+ time_t checkoffset = 0;
unsigned long nmflag = 0, certflag = 0;
char nmflag_set = 0;
OPTION_CHOICE o;
@@ -466,8 +467,14 @@ int x509_main(int argc, char **argv)
enddate = ++num;
break;
case OPT_CHECKEND:
- checkoffset = atoi(opt_arg());
checkend = 1;
+ if (!opt_imax(opt_arg(), &checkoffset))
+ goto opthelp;
+ if (checkoffset != (time_t)checkoffset) {
+ BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+ prog, opt_arg());
+ goto opthelp;
+ }
break;
case OPT_CHECKHOST:
checkhost = opt_arg();
More information about the openssl-commits
mailing list