Fix to stop X509_time_adj() using GeneralizedTime.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 20 Jan 2001 13:38:45 +0000 (13:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 20 Jan 2001 13:38:45 +0000 (13:38 +0000)
CHANGES
crypto/x509/x509_vfy.c

diff --git a/CHANGES b/CHANGES
index f548204..f5d92ae 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,15 @@
 
  Changes between 0.9.6 and 0.9.7  [xx XXX 2000]
 
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+                               <support@securenetterm.com>]
+
   *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
      result in a zero length in the ASN1_INTEGER structure which was
      not consistent with the structure when d2i_ASN1_INTEGER() was used
index 32515cb..73eecd6 100644 (file)
@@ -645,14 +645,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
        {
        time_t t;
+       int type = -1;
 
        if (in_tm) t = *in_tm;
        else time(&t);
 
        t+=adj;
-       if (!s) return ASN1_TIME_set(s, t);
-       if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-       return ASN1_GENERALIZEDTIME_set(s, t);
+       if (s) type = s->type;
+       if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+       if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+       return ASN1_TIME_set(s, t);
        }
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)