From 56e5d5498d557fe1ab0a360ddcda2931d976ec62 Mon Sep 17 00:00:00 2001
From: Rob Percival <robpercival@google.com>
Date: Tue, 4 Apr 2017 23:24:28 +0100
Subject: [PATCH] CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given
 seconds

This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3260)
---
 ssl/ssl_lib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9cfebeac01..fc651bb5d1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4183,7 +4183,8 @@ int ssl_validate_ct(SSL *s)
     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
-    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
 
     scts = SSL_get0_peer_scts(s);
 
-- 
2.25.1