From e25233d99c30885bdf97bfb6df657e13ca2bf1da Mon Sep 17 00:00:00 2001
From: Rob Percival
Date: Mon, 12 Sep 2016 16:57:38 +0100
Subject: [PATCH] Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()
Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1554)
---
 crypto/ct/ct_policy.c | 7 +++++++
 doc/man3/CT_POLICY_EVAL_CTX_new.pod | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 074589db93..d2f72c4a5a 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -13,18 +13,25 @@
 #include
 #include
+#include
 #include "ct_locl.h"
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
 {
 CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+ time_t epoch_time_in_s;
 if (ctx == NULL) {
 CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
+ // Use the current time if available.
+ time(&epoch_time_in_s);
+ if (epoch_time_in_s != -1)
+ ctx->epoch_time_in_ms = epoch_time_in_s * 1000;
+
 return ctx;
 }
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index fe25cd9cae..e0fb7c1ebc 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -68,8 +68,8 @@ CT_POLICY_EVAL_CTX. The SCT timestamp will be compared to this time to check whether the SCT was issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". Typically, the time provided to this function will
-be the current time.
+timestamp is in the future". By default, this will be set to the
+current time (obtained by calling time()) if possible.
 The time should be in milliseconds since the Unix epoch.
-- 
2.25.1
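Review bot: The multiplication in `ctx->epoch_time_in_ms = epoch_time_in_s * 1000;` in CT_POLICY_EVAL_CTX_new is carried out in `time_t`, so where `time_t` is 32 bits wide a present-day timestamp overflows before it is stored, and the time that SCT timestamps are compared against would be wrong. Widening first avoids that: `ctx->epoch_time_in_ms = (uint64_t)epoch_time_in_s * 1000;` (the field's declared type is not visible in this hunk, so match the cast to it). The failure test is better written as `if (epoch_time_in_s != (time_t)-1)`, which is the value time() is specified to return on error. When time() does fail the field keeps the zero left by OPENSSL_zalloc, so a short comment stating how a zero time is treated by the future-timestamp check would help the next reader. The new `//` comment should probably be a `/* ... */` comment if the file is meant to build with pre-C99 compilers.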