CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
authorRob Percival <robpercival@google.com>
Tue, 4 Apr 2017 22:24:28 +0000 (23:24 +0100)
committerRichard Levitte <levitte@openssl.org>
Wed, 12 Apr 2017 17:08:57 +0000 (19:08 +0200)
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)

ssl/ssl_lib.c

index 4f4eba104ae4f957c2f6f90021cf3ddd66efe15f..4de2b47455cffe12c477932a7ff7786536d1697e 100644 (file)
@@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s)
     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
-    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
 
     scts = SSL_get0_peer_scts(s);
 
 
     scts = SSL_get0_peer_scts(s);