[openssl-dev] X509_cmp_time (possible) bug
Dmitry Belyavsky
beldmit at gmail.com
Sat Sep 9 14:10:32 UTC 2017
Hello,
The X509_cmp_time function is documented as returning -1 or 1 on success
and 0 on error.
In fact it returns result of strcmp:
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) {
...
i = strcmp(buff1, buff2);
if (i == 0) /* wait a second then return younger */
return -1;
else
return i;
}
According to documentation to the strcmp,
The strcmp() and strncmp() functions return an integer less than, equal to,
or greater than zero if s1 (or the first n bytes thereof) is found,
respectively, to be less than, to match, or be greater than s2.
It means (and have been met in practice) that X509_cmp_time() returns other
values than 1/-1.
So it seems reasonable to either update documentation or fix the behavior.
Thank you!
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170909/48094b3a/attachment.html>
More information about the openssl-dev
mailing list