Hello,
if (maxsec >= 0) {
t_tmp = t_now - maxsec;
-if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
+return 0;
+if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
+return 0;
+if (asn1_tm_cmp(&tm_this, &tm_tmp) < 0) {
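Review bot: the added check `if (gmtime_r(&t_tmp, &tm_tmp) == NULL) return 0;` appears twice in a row with identical arguments. The second copy repeats the same conversion into the same tm_tmp and cannot change the result, so one of the two pairs of lines should be dropped. The quoted lines also do not show where tm_this is filled in, so it is worth confirming that its conversion is checked for failure in the same way before it reaches asn1_tm_cmp.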
gmtime_r is called twice with the same arguments.
2016-06-27 22:53 GMT+03:00 Bob Beck:
> This errata fixes several issues in the OCSP code that could result in
> the incorrect generation and parsing of OCSP requests. This remediates
> a lack of error checking on time parsing in these functions, and
> ensures that only GENERALIZEDTIME formats are accepted for OCSP, as per
> RFC 6960.
>
> Issues reported, and fixes provided by Kazuki Yamaguchi
> and Kinichiro Inoguchi
>
> Patches for OpenBSD 5.9 are available at:
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/012_crypto.patch.sig
>
> and have been committed to -current.
>
> Portable LibreSSL releases will appear shortly.
>
>