projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8dd55d9) | patch
X509 time: tighten validation per RFC 5280
authorEmilia Kasper <emilia@openssl.org>
Fri, 17 Feb 2017 18:00:15 +0000 (19:00 +0100)
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Sat, 5 May 2018 20:14:37 +0000 (22:14 +0200)
commit7b6cfcd6dd99a86ecc3a1c51eef539494e191754
tree4ed47c321206c2c6e94748d5cb652ad0b79efd05tree | snapshot
parent8dd55d9ee107337460e6a35b4ece234b4475e12dcommit | diff
X509 time: tighten validation per RFC 5280

- Reject fractional seconds
- Reject offsets
- Check that the date/time digits are in valid range.
- Add documentation for X509_cmp_time

GH issue 2620

Backported from 80770da39e

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6182)
CHANGES diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
doc/man3/X509_cmp_time.pod [new file with mode: 0644] blob
test/Makefile diff | blob | history
test/recipes/60-test_x509_time.t [new file with mode: 0644] blob
test/x509_time_test.c [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.