From 24fc4f656cadeef0e30f3c4d7d6a9e49672e40a1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Jan 2010 17:44:46 +0000 Subject: [PATCH] PR: 1618 Submitted by: steve@openssl.org Fix bug in 0.9.8-stable time handling in ca.c . NB: this only handles cases where times are not being checked or printed properly. Issues relating to time_t becoming negative or wrapping around are *NOT* addressed. OpenSSL 1.0.0 and later does fix these issues by using its own time routines. --- apps/ca.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 72acaeaae4..651c5a648a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2095,7 +2095,7 @@ again2: } BIO_printf(bio_err,"Certificate is to be certified until "); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); @@ -2373,12 +2373,15 @@ err: static int check_time_format(const char *str) { - ASN1_UTCTIME tm; + ASN1_TIME tm; tm.data=(unsigned char *)str; tm.length=strlen(str); tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(&tm)); + if (ASN1_TIME_check(&tm)) + return 1; + tm.type=V_ASN1_GENERALIZEDTIME; + return ASN1_TIME_check(&tm); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) -- 2.25.1