acme-client: use timegm() instead of mktime()

Times in certificates are all expressed in Zulu time, so calling the time
zone dependent mktime() on such a time and comparing it to time(NULL) is
wrong.

This means that the check of at least 30 days validity and deciding on
whether to renew or not might have been off by by half a day depending on
where you are. That should not matter since you (or cron) are supposed to
run acme-client way more often than once a month.

ok claudio millert

diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
index ab86228..87b3779 100644 (file)
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -1,4 +1,4 @@
-/*     $Id: revokeproc.c,v 1.22 2022/12/15 16:59:04 tb Exp $ */
+/*     $Id: revokeproc.c,v 1.23 2022/12/15 17:36:56 tb Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -54,7 +54,7 @@ X509expires(X509 *x)
                return -1;
        }
 
-       return mktime(&t);
+       return timegm(&t);
 }
 
 int