[openssl-commits] [openssl] master update

Viktor Dukhovni viktor at openssl.org
Fri Jan 29 20:38:54 UTC 2016 

The branch master has been updated
       via  56087077d81e2b888f4cbe7f70b2077dc5add90d (commit)
      from  04b08fbc3d0db3f7c540df4f5f00d30fae27ef90 (commit)


- Log -----------------------------------------------------------------
commit 56087077d81e2b888f4cbe7f70b2077dc5add90d
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date:   Fri Jan 29 15:27:00 2016 -0500

    Better type for x509 -checkend argument
    
    This is a time_t and can be zero or negative.  So use 'M' (maximal
    signed int) not 'p' (positive int).
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 apps/x509.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/apps/x509.c b/apps/x509.c
index 7a688a9..a8d0686 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -152,7 +152,7 @@ OPTIONS x509_options[] = {
     {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
     {"days", OPT_DAYS, 'n',
      "How long till expiry of a signed certificate - def 30 days"},
-    {"checkend", OPT_CHECKEND, 'p',
+    {"checkend", OPT_CHECKEND, 'M',
      "Check whether the cert expires in the next arg seconds"},
     {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
     {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
@@ -225,7 +225,8 @@ int x509_main(int argc, char **argv)
     int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
     int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
     int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0;
-    int checkoffset = 0, enddate = 0;
+    int enddate = 0;
+    time_t checkoffset = 0;
     unsigned long nmflag = 0, certflag = 0;
     char nmflag_set = 0;
     OPTION_CHOICE o;
@@ -466,8 +467,14 @@ int x509_main(int argc, char **argv)
             enddate = ++num;
             break;
         case OPT_CHECKEND:
-            checkoffset = atoi(opt_arg());
             checkend = 1;
+            if (!opt_imax(opt_arg(), &checkoffset))
+                goto opthelp;
+            if (checkoffset != (time_t)checkoffset) {
+                BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
             break;
         case OPT_CHECKHOST:
             checkhost = opt_arg();

More information about the openssl-commits mailing list