Remove ASN1_time_parse() dependency in tls_conninfo.c

During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is
a step towards removing the dependency of libtls on ASN1_time_parse().
The latter grew a dependency on CBS/CBB, and thus the choice is to pull
in all this code or to use a no longer maintained version of the API.
Both options are unappealing.

ok beck

diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c
index b2aadab..90fdfac 100644 (file)
--- a/lib/libtls/tls_conninfo.c
+++ b/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.23 2023/05/14 07:26:25 op Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -117,9 +117,9 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
                goto err;
        if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
                goto err;
-       if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1)
+       if (!ASN1_TIME_to_tm(before, &before_tm))
                goto err;
-       if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
+       if (!ASN1_TIME_to_tm(after, &after_tm))
                goto err;
        if (!ASN1_time_tm_clamp_notafter(&after_tm))
                goto err;