Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME #612
Conversation
dcec503
to
610ca51
Codecov Report
@@ Coverage Diff @@
## master #612 +/- ##
==========================================
+ Coverage 96.78% 96.81% +0.03%
==========================================
Files 18 18
Lines 5626 5621 -5
Branches 390 389 -1
==========================================
- Hits 5445 5442 -3
+ Misses 121 120 -1
+ Partials 60 59 -1
Continue to review full report at Codecov.
|
610ca51
to
fa99b5f
UPDATE: pyca/cryptography#3491 was merged. |
…p with an error with LibreSSL.
fa99b5f
to
b93f1c3
Bumped up cryptography version requirement. Ready to merge. |
Those two functions do return an |
It appears https://github.com/openssl/openssl/blob/master/crypto/asn1/a_time.c#L120-L124 BTW, |
Interesting. Thanks for investigating that. We should revert that backwards incompatibility warning then. |
X509_get_notBefore()
andX509_get_notAfter()
return aASN1_TIME
structure which is not compatible withASN1_GENERALIZEDTIME
, but the original code recklessly casts it toASN1_GENERALIZEDTIME
and pass it toASN1_GENERALIZEDTIME_set_string()
.LibreSSL is rigorous enough to reject such.
pyca/cryptography#3491 needs to be applied to cryptography before the application of this patch.