[openssl-dev] X509_cmp_time (possible) bug
Short, Todd
tshort at akamai.com
Mon Sep 11 14:16:11 UTC 2017
Yes, it’s annoying, but it’s historic. I looked into changing this at one point.
I recommend using ASN1_TIME_cmp_time_t() (from the master branch) instead, for the results you are expecting.
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."
On Sep 9, 2017, at 10:10 AM, Dmitry Belyavsky <beldmit at gmail.com<mailto:beldmit at gmail.com>> wrote:
Hello,
The X509_cmp_time function is documented as returning -1 or 1 on success and 0 on error.
In fact it returns result of strcmp:
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) {
...
i = strcmp(buff1, buff2);
if (i == 0) /* wait a second then return younger */
return -1;
else
return i;
}
According to documentation to the strcmp,
The strcmp() and strncmp() functions return an integer less than, equal to, or greater than zero if s1 (or the first n bytes thereof) is found, respectively, to be less than, to match, or be greater than s2.
It means (and have been met in practice) that X509_cmp_time() returns other values than 1/-1.
So it seems reasonable to either update documentation or fix the behavior.
Thank you!
--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170911/29857538/attachment-0001.html>
More information about the openssl-dev
mailing list