This should probably been part of my last diff, but I noticed it only
on commit... acme-client contains the same mistake as rpki-client had:
all times in certificates are expressed in GMT, so using the TZ dependent
output of mktime() and mixing it with the output of time(NULL) is wrong.
I don't think it matters all that much here that we might be off by half
a day compared to the 30 days RENEW_ALLOW, but it's still wrong.
Index: revokeproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v
retrieving revision 1.22
diff -u -p -r1.22 revokeproc.c
--- revokeproc.c 15 Dec 2022 16:59:04 -0000 1.22
+++ revokeproc.c 15 Dec 2022 17:02:14 -0000
@@ -54,7 +54,7 @@ X509expires(X509 *x)
return -1;
}
- return mktime(&t);
+ return timegm(&t);
}
int
