GeneralizedTime.
Changes between 0.9.1c and 0.9.2
+ *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+ ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+ Removed the versions check from X509 routines when loading extensions:
+ this allows certain broken certificates that don't set the version
+ properly to be processed.
+ [Steve Henson]
+
*) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
can still be regenerated with "make depend".
C file. To rebuild all the error codes from scratch (the old behaviour)
either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
or delete all the .err files.
+ [Steve Henson]
*) CAST-128 was incorrectly implemented for short keys. The C version has
been fixed, but is untested. The assembler versions are also fixed, but
if (lastupdate == i)
{
fprintf(stdout,"lastUpdate=");
- ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
+ ASN1_TIME_print(bio_out,x->crl->lastUpdate);
fprintf(stdout,"\n");
}
if (nextupdate == i)
{
fprintf(stdout,"nextUpdate=");
if (x->crl->nextUpdate != NULL)
- ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+ ASN1_TIME_print(bio_out,x->crl->nextUpdate);
else
fprintf(stdout,"NONE");
fprintf(stdout,"\n");
fprintf(stdout,"revoked: serialNumber=");
i2a_ASN1_INTEGER(out,r->serialNumber);
fprintf(stdout," revocationDate=");
- ASN1_UTCTIME_print(bio_out,r->revocationDate);
+ ASN1_TIME_print(bio_out,r->revocationDate);
fprintf(stdout,"\n");
}
sk_free(sk);
BIO_puts(out,buf);
BIO_puts(out,"\nlast update=");
- ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
+ ASN1_TIME_print(out,crl->crl->lastUpdate);
BIO_puts(out,"\nnext update=");
- ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
+ ASN1_TIME_print(out,crl->crl->nextUpdate);
BIO_puts(out,"\n");
PEM_write_bio_X509_CRL(out,crl);
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
- ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+ ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
}
else if (startdate == i)
{
BIO_puts(STDout,"notBefore=");
- ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+ ASN1_TIME_print(STDout,X509_get_notBefore(x));
BIO_puts(STDout,"\n");
}
else if (enddate == i)
{
BIO_puts(STDout,"notAfter=");
- ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+ ASN1_TIME_print(STDout,X509_get_notAfter(x));
BIO_puts(STDout,"\n");
}
else if (fingerprint == i)
if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err;
if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
- if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
+ if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
- if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
+ if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err;
if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0)
M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
V_ASN1_BIT_STRING);
}
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
if (ver >= 2) /* version 3 extensions */
+#endif
{
if (ret->extensions != NULL)
while (sk_num(ret->extensions))
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
+ M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_len_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
+ M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_TIME);
M_ASN1_I2D_put_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION);
M_ASN1_I2D_finish();
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
- M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
+ M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_TIME);
M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
X509_EXTENSION_free);
M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
}
M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
- M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
+ M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_TIME);
if (a->nextUpdate != NULL)
- { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
+ { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_TIME); }
M_ASN1_I2D_len_SEQUENCE_opt(a->revoked,i2d_X509_REVOKED);
M_ASN1_I2D_len_EXP_SEQUENCE_opt(a->extensions,i2d_X509_EXTENSION,0,
V_ASN1_SEQUENCE,v1);
}
M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
- M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
- M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
+ M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_TIME);
+ /* Manually handle the OPTIONAL ASN1_TIME stuff */
+ if((c.slen != 0) &&
+ ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+ V_ASN1_UNIVERSAL|V_ASN1_UTCTIME)
+ || ( ( (M_ASN1_next & ~V_ASN1_CONSTRUCTED) ==
+ V_ASN1_UNIVERSAL|V_ASN1_GENERALIZEDTIME) ) ) ) {
+ M_ASN1_D2I_get(ret->nextUpdate,d2i_ASN1_TIME);
+ }
+ if(!ret->nextUpdate)
+ M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_GENERALIZEDTIME,
+ V_ASN1_GENERALIZEDTIME);
if (ret->revoked != NULL)
{
while (sk_num(ret->revoked))
{
M_ASN1_I2D_vars(a);
- M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
- M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
+ M_ASN1_I2D_len(a->notBefore,i2d_ASN1_TIME);
+ M_ASN1_I2D_len(a->notAfter,i2d_ASN1_TIME);
M_ASN1_I2D_seq_total();
- M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
- M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
+ M_ASN1_I2D_put(a->notBefore,i2d_ASN1_TIME);
+ M_ASN1_I2D_put(a->notAfter,i2d_ASN1_TIME);
M_ASN1_I2D_finish();
}
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
- M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
+ M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_TIME);
+ M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_TIME);
M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
}
ASN1_CTX c;
M_ASN1_New_Malloc(ret,X509_VAL);
- M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
- M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
+ M_ASN1_New(ret->notBefore,ASN1_TIME_new);
+ M_ASN1_New(ret->notAfter,ASN1_TIME_new);
return(ret);
M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
}
X509_VAL *a;
{
if (a == NULL) return;
- ASN1_UTCTIME_free(a->notBefore);
- ASN1_UTCTIME_free(a->notAfter);
+ ASN1_TIME_free(a->notBefore);
+ ASN1_TIME_free(a->notAfter);
Free((char *)a);
}
projects / openssl.git / commitdiff