Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
7.44.0: asn1_output does not handle 4-digit year #427
Using curl 7.44.0
Note the dates are the same, but this is not the case in the actual certificate.
Digging further, there is a bug in file lib/vtls/openssl.c function asn1_output(); it does not cater for a 4-digit year in the input field.
e.g. here is some output from the function itself showing the fields in the input "tm" and each character in the "tm->data" field. The first set is correct, and the second has a 4-digit year which causes an error.
The calling code (in get_cert_chain) does not check the return-code (to print the "not before" and "not after" dates in a certificate), hence the same buffer is printed for the "expire date"
// Correct output, for the "start date"
// Incorrect, for the "expire date"
I'm about to push a patch like this that I think should correct this problem and in fact clean up this function a little bit:
Good question @ghedo! I think I once wrote this function because of some problem with that, but when I look back now I cannot find any explanation plus that we don't longer work with those old versions we had back then.
Yes, let's scrap this crappy function and go with ASN1_TIME_print(). And thanks a lot, I'll certainly appreciate a patch!
Soooo, I got carried away a bit and this is the result... "62 additions and 129 deletions" nice! However the output slightly changed (for example see the public key's BIGNUMs and the signature outputs). The original format could probably be restored, but more code is required.
There's still room for improvement though, for example