artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b2877bc) | patch
Fix the ocsp code to actually check for errors when comparing time values
authorbeck <beck@openbsd.org>
Sat, 25 Jun 2016 15:38:44 +0000 (15:38 +0000)
committerbeck <beck@openbsd.org>
Sat, 25 Jun 2016 15:38:44 +0000 (15:38 +0000)
commitdeb3dc466c68662f6b6879636710eb076b89f0fa
tree1e7cb11ed073f66b6bd7d45d79c79c1f36a66605tree | snapshot
parentb2877bc38d6be0092750ab28101f23c80584778ccommit | diff
Fix the ocsp code to actually check for errors when comparing time values
which was not being done due to a lack of checking of the return code for
X509_cmp_time.  Ensure that we only compare GERNERALIZEDTIME values because
this is what is specified by RFC6960.

Issue reported, and fix provided by Kazuki Yamaguchi <k@rhe.jp>
ok bcook@
lib/libcrypto/ocsp/ocsp_cl.c diff | blob | history
lib/libssl/src/crypto/ocsp/ocsp_cl.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim