From 329f2f4a428b0acb7a579869a13f6cd6bf0a3551 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 10 Jan 2017 16:18:33 -0500 Subject: [PATCH] GH2176: Add X509_VERIFY_PARAM_get_time Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2208) --- crypto/x509/x509_vpm.c | 5 +++++ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 ++ include/openssl/x509_vfy.h | 1 + test/crltest.c | 8 +++++++- util/libcrypto.num | 1 + 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 9e1b7c64cd..95f1c5b4c8 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -320,6 +320,11 @@ void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level) param->auth_level = auth_level; } +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param) +{ + return param->check_time; +} + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) { param->check_time = t; diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 388fdc212e..76f1901108 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -9,6 +9,7 @@ X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, +X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, @@ -34,6 +35,7 @@ X509_VERIFY_PARAM_set1_ip_asc int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); + time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 5dc9d063fc..64f56df7f0 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -459,6 +459,7 @@ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); diff --git a/test/crltest.c b/test/crltest.c index d95f0608e3..11585eaeaa 100644 --- a/test/crltest.c +++ b/test/crltest.c @@ -19,6 +19,8 @@ #include "testutil.h" #include "test_main.h" +#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ + static const char *kCRLTestRoot[] = { "-----BEGIN CERTIFICATE-----\n", "MIIDbzCCAlegAwIBAgIJAODri7v0dDUFMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNV\n", @@ -253,7 +255,11 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); - X509_VERIFY_PARAM_set_time(param, 1474934400 /* Sep 27th, 2016 */); + X509_VERIFY_PARAM_set_time(param, PARAM_TIME); + if (X509_VERIFY_PARAM_get_time(param) != PARAM_TIME) { + fprintf(stderr, "set_time/get_time mismatch.\n"); + goto err; + } X509_VERIFY_PARAM_set_depth(param, 16); if (flags) X509_VERIFY_PARAM_set_flags(param, flags); diff --git a/util/libcrypto.num b/util/libcrypto.num index 1c81545a1c..f30b5d9142 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4227,3 +4227,4 @@ RSA_pkey_ctx_ctrl 4177 1_1_1 EXIST::FUNCTION:RSA UI_method_set_ex_data 4178 1_1_1 EXIST::FUNCTION:UI UI_method_get_ex_data 4179 1_1_1 EXIST::FUNCTION:UI UI_UTIL_wrap_read_pem_callback 4180 1_1_1 EXIST::FUNCTION:UI +X509_VERIFY_PARAM_get_time 4181 1_1_0d EXIST::FUNCTION: -- 2.25.1