rpki-client: use sentinel idiom for timegm(3) error check

mirror of https://github.com/openbsd/src.git synced 2026-06-18 07:13:36 +02:00

We currently fail on ASN.1 times before the epoch. There is nothing wrong
in principle with those. Both UTCTime and GeneralizedTimes can represent
such times and we should be able to accept them.

Modern OpenSSL and LibreSSL ensure in ASN1_TIME_to_tm() that the times are
well formed according to the DER, so this call is really only a translation
step.

ok claudio deraadt

This commit is contained in:

2026-05-27 13:57:16 +00:00

parent 1708629beb

commit 7fd0510c05

1 changed files with 3 additions and 2 deletions

									
										usr.sbin/rpki-client/x509.c
									
		+3
		-2
	
												View File
												
				@@ -1,4 +1,4 @@

				/*	$OpenBSD: x509.c,v 1.131 2026/04/13 03:36:10 tb Exp $ */

				/*	$OpenBSD: x509.c,v 1.132 2026/05/27 13:57:16 tb Exp $ */

				/*

				 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>

				 * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>

				@@ -298,7 +298,8 @@ x509_get_time(const ASN1_TIME *at, time_t *t)

						return 0;

					if (!ASN1_TIME_to_tm(at, &tm))

						return 0;

					if ((*t = timegm(&tm)) < 0)

					tm.tm_wday = -1;

					if ((*t = timegm(&tm)) == -1 && tm.tm_wday == -1)

						return 0;

					return 1;

				}