[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Thu Jan 12 15:10:57 UTC 2017 

The branch OpenSSL_1_1_0-stable has been updated
       via  ff7256e75928be74101f3ce2d1fbf62f7e10a1f3 (commit)
      from  d257b86caadb4f6cb2ca723b75452e0fc8c8bb15 (commit)


- Log -----------------------------------------------------------------
commit ff7256e75928be74101f3ce2d1fbf62f7e10a1f3
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Jan 10 16:18:33 2017 -0500

    GH2176: Add X509_VERIFY_PARAM_get_time
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2208)
    (cherry picked from commit 329f2f4a428b0acb7a579869a13f6cd6bf0a3551)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vpm.c                     | 5 +++++
 doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 2 ++
 include/openssl/x509_vfy.h                 | 1 +
 test/crltest.c                             | 8 +++++++-
 util/libcrypto.num                         | 1 +
 5 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 245b3fa..b506722 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -337,6 +337,11 @@ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
     param->auth_level = auth_level;
 }
 
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
     param->check_time = t;
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 388fdc2..76f1901 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -9,6 +9,7 @@ X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
 X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
 X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
 X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
 X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
 X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
 X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
@@ -34,6 +35,7 @@ X509_VERIFY_PARAM_set1_ip_asc
  int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 
  void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                         ASN1_OBJECT *policy);
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 5dc9d06..64f56df 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -459,6 +459,7 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                   ASN1_OBJECT *policy);
diff --git a/test/crltest.c b/test/crltest.c
index ddcc785..74db944 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -18,6 +18,8 @@
 
 #include "testutil.h"
 
+#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+
 static const char *kCRLTestRoot[] = {
     "-----BEGIN CERTIFICATE-----\n",
     "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
@@ -252,7 +254,11 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
         goto err;
     X509_STORE_CTX_set0_trusted_stack(ctx, roots);
     X509_STORE_CTX_set0_crls(ctx, crls);
-    X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
+    X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
+    if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) {
+        fprintf(stderr, "set_time/get_time mismatch.\n");
+        goto err;
+    }
     X509_VERIFY_PARAM_set_depth(param, 16);
     if (flags)
         X509_VERIFY_PARAM_set_flags(param, flags);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1955350..b0de30a 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4212,3 +4212,4 @@ CT_POLICY_EVAL_CTX_get_time             4172	1_1_0d	EXIST::FUNCTION:CT
 CT_POLICY_EVAL_CTX_set_time             4173	1_1_0d	EXIST::FUNCTION:CT
 X509_VERIFY_PARAM_set_inh_flags         4174	1_1_0d	EXIST::FUNCTION:
 X509_VERIFY_PARAM_get_inh_flags         4175	1_1_0d	EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_time              4181	1_1_0d	EXIST::FUNCTION:

More information about the openssl-commits mailing list