Posted to cvs@httpd.apache.org by kb...@apache.org on 2011/09/14 16:02:29 UTC
svn commit: r1170631 - /httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
Author: kbrand
Date: Wed Sep 14 14:02:28 2011
New Revision: 1170631
URL: http://svn.apache.org/viewvc?rev=1170631&view=rev
Log:
Properly fill in the SSL_{CLIENT,SERVER}_V_{START,END} and
SSL_CLIENT_V_REMAIN variables for certs whose notBefore or
notAfter fields use GeneralizedTime encodings.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=1170631&r1=1170630&r2=1170631&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Wed Sep 14 14:02:28 2011
@@ -42,8 +42,8 @@
static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, request_rec *r, char *var);
static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs, char *var);
static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm);
-static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_UTCTIME *tm);
+static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm);
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_TIME *tm);
static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var);
static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs);
@@ -560,7 +560,7 @@ static char *ssl_var_lookup_ssl_cert_dn(
return result;
}
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm)
+static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm)
{
char *result;
BIO* bio;
@@ -568,7 +568,7 @@ static char *ssl_var_lookup_ssl_cert_val
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
- ASN1_UTCTIME_print(bio, tm);
+ ASN1_TIME_print(bio, tm);
n = BIO_pending(bio);
result = apr_pcalloc(p, n+1);
n = BIO_read(bio, result, n);
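Review bot: The return value of `ASN1_TIME_print(bio, tm)` is discarded, so when a certificate's notBefore/notAfter cannot be formatted, whatever the call left in the BIO is still copied out and exported as the SSL_*_V_START/END value. Since these fields come from a peer-supplied certificate, I would fail closed the same way the BIO_new() path above does: `if (!ASN1_TIME_print(bio, tm)) { BIO_free(bio); return NULL; }`. The function continues past this hunk, so how the `BIO_read()` result `n` is used afterwards is not visible here; it is worth confirming that a zero or negative `n` is handled before it is used as an index.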
@@ -581,27 +581,36 @@ static char *ssl_var_lookup_ssl_cert_val
/* Return a string giving the number of days remaining until 'tm', or
* "0" if this can't be determined. */
-static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_UTCTIME *tm)
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_TIME *tm)
{
apr_time_t then, now = apr_time_now();
apr_time_exp_t exp = {0};
long diff;
+ unsigned char *dp;
- /* Fail if the time isn't a valid ASN.1 UTCTIME; RFC3280 mandates
+ /* Fail if the time isn't a valid ASN.1 TIME; RFC3280 mandates
* that the seconds digits are present even though ASN.1
* doesn't. */
- if (tm->length < 11 || !ASN1_UTCTIME_check(tm)) {
+ if ((tm->type == V_ASN1_UTCTIME && tm->length < 11) ||
+ (tm->type == V_ASN1_GENERALIZEDTIME && tm->length < 13) ||
+ !ASN1_TIME_check(tm)) {
return apr_pstrdup(p, "0");
}
- exp.tm_year = DIGIT2NUM(tm->data);
- exp.tm_mon = DIGIT2NUM(tm->data + 2) - 1;
- exp.tm_mday = DIGIT2NUM(tm->data + 4) + 1;
- exp.tm_hour = DIGIT2NUM(tm->data + 6);
- exp.tm_min = DIGIT2NUM(tm->data + 8);
- exp.tm_sec = DIGIT2NUM(tm->data + 10);
+ if (tm->type == V_ASN1_UTCTIME) {
+ exp.tm_year = DIGIT2NUM(tm->data);
+ if (exp.tm_year <= 50) exp.tm_year += 100;
+ dp = tm->data + 2;
+ } else {
+ exp.tm_year = DIGIT2NUM(tm->data) * 100 + DIGIT2NUM(tm->data + 2) - 1900;
+ dp = tm->data + 4;
+ }
- if (exp.tm_year <= 50) exp.tm_year += 100;
+ exp.tm_mon = DIGIT2NUM(dp) - 1;
+ exp.tm_mday = DIGIT2NUM(dp + 2) + 1;
+ exp.tm_hour = DIGIT2NUM(dp + 4);
+ exp.tm_min = DIGIT2NUM(dp + 6);
+ exp.tm_sec = DIGIT2NUM(dp + 8);
if (apr_time_exp_gmt_get(&then, &exp) != APR_SUCCESS) {
return apr_pstrdup(p, "0");
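Review bot: The length guards do not cover the bytes the parsing below reads: the UTCTIME branch reads up to `tm->data[11]` and the GeneralizedTime branch up to `tm->data[13]` (assuming DIGIT2NUM consumes two characters; its definition is outside this hunk), yet the checks only reject `length < 11` and `length < 13`. An encoding without seconds digits that passes `ASN1_TIME_check()` would therefore have its trailing `Z` and the byte after it parsed as `tm_sec`, which contradicts the comment saying the seconds digits must be present. I would tighten the bounds to match the reads: `(tm->type == V_ASN1_UTCTIME && tm->length < 12) ||` and `(tm->type == V_ASN1_GENERALIZEDTIME && tm->length < 14) ||`. The else branch also treats any type other than UTCTIME as GeneralizedTime, so it relies on `ASN1_TIME_check()` rejecting other types; a short comment stating that would help. The function body continues beyond the end of this hunk.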