From 029ab7abc5e850934d24dd25ac8d4aaf8a8ea355 Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 13 Nov 2023 10:51:49 +0000 Subject: [PATCH] Remove ASN1_time_parse() dependency in tls_conninfo.c During r2k22 ported some of the missing OpenSSL ASN.1 time API. This is a step towards removing the dependency of libtls on ASN1_time_parse(). The latter grew a dependency on CBS/CBB, and thus the choice is to pull in all this code or to use a no longer maintained version of the API. Both options are unappealing. ok beck --- lib/libtls/tls_conninfo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c index b2aadab083d..90fdfacad3c 100644 --- a/lib/libtls/tls_conninfo.c +++ b/lib/libtls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.23 2023/05/14 07:26:25 op Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.24 2023/11/13 10:51:49 tb Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -117,9 +117,9 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, goto err; if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL) goto err; - if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1) + if (!ASN1_TIME_to_tm(before, &before_tm)) goto err; - if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1) + if (!ASN1_TIME_to_tm(after, &after_tm)) goto err; if (!ASN1_time_tm_clamp_notafter(&after_tm)) goto err; -- 2.20.1