Two small diffs now that beck has linked the certificate transparency
code to the build.

The diff for ext_dat.h links the CT methods to the standard extensions.
This replaces the gibberish from the CT extensions which are now present
in most certs with something readable. Try

$ openssl s_client -connect libressl.org:443 | openssl x509 -noout -text

The diff for ct_prn makes sure that the timestamp is actually printed.
Our ASN1_GENERALIZEDTIME_set_string() does not accept fractional
seconds, so don't feed them into it for printing.  eopenssl11 doesn't
print the fractional seconds either.

Index: x509/ext_dat.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/ext_dat.h,v
retrieving revision 1.3
diff -u -p -r1.3 ext_dat.h
--- x509/ext_dat.h      2 Sep 2021 21:27:26 -0000       1.3
+++ x509/ext_dat.h      16 Nov 2021 16:56:19 -0000
@@ -73,6 +73,7 @@ extern X509V3_EXT_METHOD v3_crl_hold, v3
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
 extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
 extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
 
 /* This table will be searched using OBJ_bsearch so it *must* kept in
  * order of the ext_nid values.
@@ -129,6 +130,11 @@ static const X509V3_EXT_METHOD *standard
        &v3_idp,
        &v3_alt[2],
        &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+       &v3_ct_scts[0],
+       &v3_ct_scts[1],
+       &v3_ct_scts[2],
+#endif
 };
 
 /* Number of standard extensions */
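Review bot: The three `v3_ct_scts` entries are appended after `&v3_freshest_crl`, and nothing visible in this hunk shows that their `ext_nid` values are larger than that entry's and ascending among themselves, which the table comment above requires for the `OBJ_bsearch` lookup. If the order were off, lookups for some extensions would presumably miss and those extensions would be handled as unknown, which matters most when they are marked critical. Consider a comment at the insertion point such as `/* CT NIDs sort after NID_freshest_crl; keep ascending */` and a regress check that walks `standard_exts` and asserts strictly increasing `ext_nid`, built both with and without `OPENSSL_NO_CT`. The start of the array is outside the hunk.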
Index: ct/ct_prn.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ct/ct_prn.c,v
retrieving revision 1.3
diff -u -p -r1.3 ct_prn.c
--- ct/ct_prn.c 20 Nov 2021 01:10:49 -0000      1.3
+++ ct/ct_prn.c 21 Nov 2021 15:32:56 -0000
@@ -71,8 +71,7 @@ timestamp_print(uint64_t timestamp, BIO 
         * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
         * characters long with a final Z. Update it with fractional seconds.
         */
-       snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
-           ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
+       snprintf(genstr, sizeof(genstr), "%.14sZ", ASN1_STRING_get0_data(gen));
        if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
                ASN1_GENERALIZEDTIME_print(out, gen);
        ASN1_GENERALIZEDTIME_free(gen);
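Review bot: The comment directly above the changed `snprintf` still says "Update it with fractional seconds", which the new line no longer does; it should state that the milliseconds are dropped, e.g. `/* ASN1_GENERALIZEDTIME_set_string() rejects fractional seconds, so drop the milliseconds. */`. Since that same comment says the string is always 15 characters ending in Z, the `%.14sZ` copy followed by `ASN1_GENERALIZEDTIME_set_string()` appears to rebuild the value `gen` already holds, so printing `gen` directly may be sufficient. The `timestamp % 1000` term in the removed line shows the input has millisecond resolution, so the truncation to whole seconds is worth documenting for anyone comparing the printed time against a CT log entry. The rest of `timestamp_print` is outside the hunk, so whether `gen` is NULL-checked before `ASN1_STRING_get0_data(gen)` cannot be confirmed from here.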
