On Wed, Oct 16, 2019 at 07:26:25AM -0300, Alexandre Hamada wrote: > Hi Tech, > I would like to suggest to use UTC functions on all date/time convertions, > to avoid some clock drift errors.
I came to the conclusion that more is needed in this function. Converting time using ASN1_GENERALIZEDTIME_print(), strptime() and whatever version of mktime() is not going to work well. I think this code should be rewritten using X509_cmp_time() instead. In libressl there is even ASN1_time_parse() but since this code still needs openssl code for the CMS functions it is better to stick to X509_cmp_time(). I put it on my list of things to look at in rpki-client. > Kind regards, > Alexandre Hamada > > https://patch-diff.githubusercontent.com/raw/kristapsdz/rpki-client/pull/9.patch > > From a463f8cb23375f15b74eff49a06e8934423e3dbf Mon Sep 17 00:00:00 2001 > From: dev-gto <43351700+dev-...@users.noreply.github.com> > Date: Wed, 16 Oct 2019 07:22:46 -0300 > Subject: [PATCH] Avoid local time conversion > > --- > mft.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/mft.c b/mft.c > index f9176b4..738f3ff 100644 > --- a/mft.c > +++ b/mft.c > @@ -75,8 +75,8 @@ gentime2time(struct parse *p, const ASN1_GENERALIZEDTIME > *tp) > memset(&tm, 0, sizeof(struct tm)); > if (strptime(buf, "%b %d %T %Y %Z", &tm) == NULL) > errx(EXIT_FAILURE, "%s: strptime", buf); > - if ((t = mktime(&tm)) == -1) > - errx(EXIT_FAILURE, "%s: mktime", buf); > + if ((t = timegm(&tm)) == -1) > + errx(EXIT_FAILURE, "%s: timegm", buf); > return t; > } > > -- :wq Claudio
