GH2176: Add X509_VERIFY_PARAM_get_time
authorRich Salz <rsalz@openssl.org>
Tue, 10 Jan 2017 21:18:33 +0000 (16:18 -0500)
committerRich Salz <rsalz@openssl.org>
Thu, 12 Jan 2017 14:54:09 +0000 (09:54 -0500)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)

crypto/x509/x509_vpm.c
doc/man3/X509_VERIFY_PARAM_set_flags.pod
include/openssl/x509_vfy.h
test/crltest.c
util/libcrypto.num

index 9e1b7c64cd50044c934c8fdbc9a36c12249cacfa..95f1c5b4c824c02e03b8372eaaac8d02532f9555 100644 (file)
@@ -320,6 +320,11 @@ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
     param->auth_level = auth_level;
 }
 
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
     param->check_time = t;
index 388fdc212ead733948dcea7f1be8cafea5cd658d..76f1901108a2ef55ad66c6e4195f25209898810b 100644 (file)
@@ -9,6 +9,7 @@ X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags,
 X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
 X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level,
 X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time,
+X509_VERIFY_PARAM_get_time,
 X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies,
 X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
 X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername,
@@ -34,6 +35,7 @@ X509_VERIFY_PARAM_set1_ip_asc
  int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 
  void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+ time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 
  int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                         ASN1_OBJECT *policy);
index 5dc9d063fc57f7252d2a020b696004a1e2069927..64f56df7f07cc1453ce2f034e3b2608b1fb457be 100644 (file)
@@ -459,6 +459,7 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
                                   ASN1_OBJECT *policy);
index d95f0608e392f4b55d02733c0489a6d4a8c1ef39..11585eaeaa6b81d19c6ab150be3fe8c42ad192cb 100644 (file)
@@ -19,6 +19,8 @@
 #include "testutil.h"
 #include "test_main.h"
 
+#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+
 static const char *kCRLTestRoot[] = {
     "-----BEGIN CERTIFICATE-----\n",
     "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n",
@@ -253,7 +255,11 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
         goto err;
     X509_STORE_CTX_set0_trusted_stack(ctx, roots);
     X509_STORE_CTX_set0_crls(ctx, crls);
-    X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */);
+    X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
+    if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) {
+        fprintf(stderr, "set_time/get_time mismatch.\n");
+        goto err;
+    }
     X509_VERIFY_PARAM_set_depth(param, 16);
     if (flags)
         X509_VERIFY_PARAM_set_flags(param, flags);
index 1c81545a1c5a6fec79f1105c9d6bd0cdc6f8fadf..f30b5d9142a6fac4be9494e0a16ef900d0ba8d4f 100644 (file)
@@ -4227,3 +4227,4 @@ RSA_pkey_ctx_ctrl                       4177      1_1_1   EXIST::FUNCTION:RSA
 UI_method_set_ex_data                   4178   1_1_1   EXIST::FUNCTION:UI
 UI_method_get_ex_data                   4179   1_1_1   EXIST::FUNCTION:UI
 UI_UTIL_wrap_read_pem_callback          4180   1_1_1   EXIST::FUNCTION:UI
+X509_VERIFY_PARAM_get_time              4181   1_1_0d  EXIST::FUNCTION: