From: beck Date: Sat, 25 Jun 2016 16:10:26 +0000 (+0000) Subject: Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=29d580d577487f2e1ba941eb27855117d7e3eae6;p=openbsd Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses Generalized Time on requests as per RFC6960 --- diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c index 8f28916757f..1f8aa3141ea 100644 --- a/lib/libcrypto/ocsp/ocsp_srv.c +++ b/lib/libcrypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) goto err; /* Right now, I think that not doing double hashing is the right diff --git a/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/lib/libssl/src/crypto/ocsp/ocsp_srv.c index 8f28916757f..1f8aa3141ea 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_srv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) goto err; /* Right now, I think that not doing double hashing is the right