From: Rob Percival Date: Tue, 4 Apr 2017 22:24:28 +0000 (+0100) Subject: CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds X-Git-Tag: OpenSSL_1_1_1-pre1~1774 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6a71e06d7aa02b857c8650aa94f6efd9d6531872;p=oweals%2Fopenssl.git CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3138) --- diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4f4eba104a..4de2b47455 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s) CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); - CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s))); + CT_POLICY_EVAL_CTX_set_time( + ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000); scts = SSL_get0_peer_scts(s);