forked from openssl/openssl
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
X509 time: tighten validation per RFC 5280
- Reject fractional seconds - Reject offsets - Check that the date/time digits are in valid range. - Add documentation for X509_cmp_time GH issue 2620 Backported from 80770da Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from openssl#6182)
- Loading branch information
Showing
6 changed files
with
340 additions
and
104 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
=pod | ||
|
||
=head1 NAME | ||
|
||
X509_cmp_time - X509 time functions | ||
|
||
=head1 SYNOPSIS | ||
|
||
X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time); | ||
|
||
=head1 DESCRIPTION | ||
|
||
X509_cmp_time() compares the ASN1_TIME in B<asn1_time> with the time in | ||
<cmp_time>. | ||
|
||
B<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., | ||
its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. | ||
|
||
If B<cmp_time> is NULL the current time is used. | ||
|
||
=head1 BUGS | ||
|
||
Unlike many standard comparison functions, X509_cmp_time returns 0 on error. | ||
|
||
=head1 RETURN VALUES | ||
|
||
X509_cmp_time() returns -1 if B<asn1_time> is earlier than, or equal to, | ||
B<cmp_time>, and 1 otherwise. It returns 0 on error. | ||
|
||
=head1 COPYRIGHT | ||
|
||
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | ||
|
||
Licensed under the OpenSSL license (the "License"). You may not use | ||
this file except in compliance with the License. You can obtain a copy | ||
in the file LICENSE in the source distribution or at | ||
L<https://www.openssl.org/source/license.html>. | ||
|
||
=cut |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#! /usr/bin/env perl | ||
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. | ||
# | ||
# Licensed under the OpenSSL license (the "License"). You may not use | ||
# this file except in compliance with the License. You can obtain a copy | ||
# in the file LICENSE in the source distribution or at | ||
# https://www.openssl.org/source/license.html | ||
|
||
|
||
use OpenSSL::Test::Simple; | ||
|
||
simple_test("test_x509_time", "x509_time_test"); |
Oops, something went wrong.