From 29d580d577487f2e1ba941eb27855117d7e3eae6 Mon Sep 17 00:00:00 2001
From: beck
Date: Sat, 25 Jun 2016 16:10:26 +0000
Subject: [PATCH] Fix from kinichiro.inoguchi@gmail.com to ensure that OCSP uses Generalized Time on requests as per RFC6960
---
 lib/libcrypto/ocsp/ocsp_srv.c | 4 ++--
 lib/libssl/src/crypto/ocsp/ocsp_srv.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c
index 8f28916757f..1f8aa3141ea 100644
--- a/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/lib/libcrypto/ocsp/ocsp_srv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
 }

 if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+ !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL)))
 goto err;

 /* Right now, I think that not doing double hashing is the right
diff --git a/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/lib/libssl/src/crypto/ocsp/ocsp_srv.c
index 8f28916757f..1f8aa3141ea 100644
--- a/lib/libssl/src/crypto/ocsp/ocsp_srv.c
+++ b/lib/libssl/src/crypto/ocsp/ocsp_srv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_srv.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */
+/* $OpenBSD: ocsp_srv.c,v 1.8 2016/06/25 16:10:26 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -260,7 +260,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
 }

 if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+ !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL)))
 goto err;

 /* Right now, I think that not doing double hashing is the right
--
2.20.1
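Review bot: The new `ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))` call in OCSP_basic_sign carries no comment saying why the generic `X509_gmtime_adj()` was dropped, so a later cleanup could restore it and bring back the encoding this commit is meant to fix. A one-line comment above the `if` would pin the intent, for example `/* RFC 6960: producedAt is a GeneralizedTime, so set it explicitly. */`. Note that producedAt is a field of the signed response data, although the commit subject speaks of requests. The diffstat shows only this line and the $OpenBSD$ tag changing in each file, so `time()` depends on `<time.h>` already arriving through an existing include, which is worth confirming. The identical hunk in lib/libssl/src/crypto/ocsp/ocsp_srv.c wants the same comment; OCSP_basic_sign's body starts and ends outside the hunk.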