All times in the x509 are UTC so use timegm() and not mktime().

The latter will apply the timezone offset and so the further west
the more probable you are to have problems with valid_from times.
Fix from tb@
OK job@, benno@ and me

diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c
index 53707ca..d3f33b7 100644 (file)
--- a/usr.sbin/rpki-client/mft.c
+++ b/usr.sbin/rpki-client/mft.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mft.c,v 1.55 2022/04/01 17:22:07 claudio Exp $ */
+/*     $OpenBSD: mft.c,v 1.56 2022/04/08 15:29:59 claudio Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -85,9 +85,9 @@ mft_parse_time(const ASN1_GENERALIZEDTIME *from,
                return 0;
        }
 
-       if ((p->res->valid_from = mktime(&tm_from)) == -1 ||
-           (p->res->valid_until = mktime(&tm_until)) == -1)
-               errx(1, "%s: mktime failed", p->fn);
+       if ((p->res->valid_from = timegm(&tm_from)) == -1 ||
+           (p->res->valid_until = timegm(&tm_until)) == -1)
+               errx(1, "%s: timegm failed", p->fn);
 
        return 1;
 }

diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c
index 56959de..c7d8235 100644 (file)
--- a/usr.sbin/rpki-client/x509.c
+++ b/usr.sbin/rpki-client/x509.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509.c,v 1.38 2022/04/01 17:22:07 claudio Exp $ */
+/*     $OpenBSD: x509.c,v 1.39 2022/04/08 15:29:59 claudio Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -498,8 +498,8 @@ x509_get_time(const ASN1_TIME *at, time_t *t)
        memset(&tm, 0, sizeof(tm));
        if (ASN1_time_parse(at->data, at->length, &tm, 0) == -1)
                return 0;
-       if ((*t = mktime(&tm)) == -1)
-               errx(1, "mktime failed");
+       if ((*t = timegm(&tm)) == -1)
+               errx(1, "timegm failed");
        return 1;
 }