Hello,
if (maxsec >= 0) {
t_tmp = t_now - maxsec;
- if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+ if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
+ return 0;
+ if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
+ return 0;
+ if (asn1_tm_cmp(&tm_this, &tm_tmp) < 0) {
gmtime_r called twice with same arguments
2016-06-27 22:53 GMT+03:00 Bob Beck <b...@obtuse.com>:
> This errata fixes several issues in the OCSP code that could result in
> the incorrect generation and parsing of OCSP requests. This remediates
> a lack of error checking on time parsing in these functions, and
> ensures that only
> GENERALIZEDTIME formats are accepted for OCSP, as per RFC 6960.
>
> Issues reported, and fixes provided by Kazuki Yamaguchi <k...@rhe.jp>
> and Kinichiro Inoguchi <kinichiro.inogu...@gmail.com>
>
> Patches for OpenBSD 5.9 are available at:
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/012_crypto.patch.sig
>
> and have been committed to -current.
>
> Portable LibreSSL releases will appear shortly.
>
>
