Hello, if (maxsec >= 0) { t_tmp = t_now - maxsec; - if (X509_cmp_time(thisupd, &t_tmp) < 0) { + if (gmtime_r(&t_tmp, &tm_tmp) == NULL) + return 0; + if (gmtime_r(&t_tmp, &tm_tmp) == NULL) + return 0; + if (asn1_tm_cmp(&tm_this, &tm_tmp) < 0) {
gmtime_r called twice with same arguments 2016-06-27 22:53 GMT+03:00 Bob Beck <b...@obtuse.com>: > This errata fixes several issues in the OCSP code that could result in > the incorrect generation and parsing of OCSP requests. This remediates > a lack of error checking on time parsing in these functions, and > ensures that only > GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960. > > Issues reported, and fixes provided by Kazuki Yamaguchi <k...@rhe.jp> > and Kinichiro Inoguchi <kinichiro.inogu...@gmail.com> > > Patches for OpenBSD 5.9 are available at: > http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/012_crypto.patch.sig > > and have been committed to -current. > > Portable LibreSSL releases will appear shortly. > >