From 44117f3fa5d5da3ca84e705ce4715fa2712f3d18 Mon Sep 17 00:00:00 2001 From: claudio Date: Fri, 8 Apr 2022 15:29:59 +0000 Subject: [PATCH] All times in the x509 are UTC so use timegm() and not mktime(). The latter will apply the timezone offset and so the further west the more probable you are to have problems with valid_from times. Fix from tb@ OK job@, benno@ and me --- usr.sbin/rpki-client/mft.c | 8 ++++---- usr.sbin/rpki-client/x509.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/usr.sbin/rpki-client/mft.c b/usr.sbin/rpki-client/mft.c index 53707ca7d51..d3f33b735dc 100644 --- a/usr.sbin/rpki-client/mft.c +++ b/usr.sbin/rpki-client/mft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mft.c,v 1.55 2022/04/01 17:22:07 claudio Exp $ */ +/* $OpenBSD: mft.c,v 1.56 2022/04/08 15:29:59 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -85,9 +85,9 @@ mft_parse_time(const ASN1_GENERALIZEDTIME *from, return 0; } - if ((p->res->valid_from = mktime(&tm_from)) == -1 || - (p->res->valid_until = mktime(&tm_until)) == -1) - errx(1, "%s: mktime failed", p->fn); + if ((p->res->valid_from = timegm(&tm_from)) == -1 || + (p->res->valid_until = timegm(&tm_until)) == -1) + errx(1, "%s: timegm failed", p->fn); return 1; } diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index 56959defc8e..c7d82354df4 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.38 2022/04/01 17:22:07 claudio Exp $ */ +/* $OpenBSD: x509.c,v 1.39 2022/04/08 15:29:59 claudio Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -498,8 +498,8 @@ x509_get_time(const ASN1_TIME *at, time_t *t) memset(&tm, 0, sizeof(tm)); if (ASN1_time_parse(at->data, at->length, &tm, 0) == -1) return 0; - if ((*t = mktime(&tm)) == -1) - errx(1, "mktime failed"); + if ((*t = timegm(&tm)) == -1) + errx(1, "timegm failed"); return 1; } -- 2.20.1