From cdf9fde26921110a8270f2a5e6ff8482087bf425 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 29 May 2026 04:12:22 +0000
Subject: [PATCH] acme-client: fix timegm(3) invocations

Use the tm.tm_wday = -1 sentinel check and switch X509notbefore() and X509notafter() to use a time_t * output parameter since an in-band error doesn't work for them for the same reason it doesn't work for timegm(3).

The error check remains against -1 to keep the diff small, but should perhaps be changed to use a Boolean 0/1 approach.

Of course, with the aggressive push to very short-lived certificates in the WebPKI, negative epoch times won't happen here in practice.

ok florian
---
 usr.sbin/acme-client/revokeproc.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
index 6fe34043129..c6b700374c6 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -1,4 +1,4 @@
-/* $Id: revokeproc.c,v 1.28 2026/03/02 10:38:44 tb Exp $ */
+/* $Id: revokeproc.c,v 1.29 2026/05/29 04:12:22 tb Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons
  *
@@ -37,8 +37,8 @@
 /*
  * Convert the X509's notAfter time into a time_t value.
  */
-static time_t
-X509notafter(X509 *x)
+static int
+X509notafter(const X509 *x, time_t *notafter)
 {
 	ASN1_TIME *atim;
 	struct tm t;
@@ -51,14 +51,18 @@ X509notafter(X509 *x)
 	if (!ASN1_TIME_to_tm(atim, &t))
 		return -1;
 
-	return timegm(&t);
+	t.tm_wday = -1;
+	if ((*notafter = timegm(&t)) == -1 && t.tm_wday == -1)
+		return -1;
+
+	return 0;
 }
 
 /*
  * Convert the X509's notBefore time into a time_t value.
  */
-static time_t
-X509notbefore(X509 *x)
+static int
+X509notbefore(const X509 *x, time_t *notbefore)
 {
 	ASN1_TIME *atim;
 	struct tm t;
@@ -71,7 +75,11 @@ X509notbefore(X509 *x)
 	if (!ASN1_TIME_to_tm(atim, &t))
 		return -1;
 
-	return timegm(&t);
+	t.tm_wday = -1;
+	if ((*notbefore = timegm(&t)) == -1 && t.tm_wday == -1)
+		return -1;
+
+	return 0;
 }
 
 int
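Review bot: The header comment above X509notafter() (`* Convert the X509's notAfter time into a time_t value.`) still describes the old return-by-value contract, while the new signature stores the result through `notafter` and returns only a status; the X509notbefore() comment in the next hunk has the same problem. I would reword it to `* Convert the X509's notAfter time into a time_t value, stored in *notafter.` followed by `* Returns 0 on success, -1 on failure (including a timegm(3) error).`, and mirror that for notBefore. The body of X509notafter() continues past the end of this hunk.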
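Review bot: The new tail of X509notafter() assigns `*notafter` before the result is validated, so on the failure path the caller's variable is left holding -1 while an earlier ASN1_TIME_to_tm() failure leaves it untouched, and the identical sequence is repeated in X509notbefore() in the following hunk. Since both functions now differ only in which ASN1_TIME they fetch (those lines are outside the hunks), the timegm(3) sentinel idiom would be less fragile kept in one place: a static helper that converts an ASN1_TIME and writes its output parameter only after the `tm_wday == -1` check, with each caller reduced to fetching its field and returning the helper's status. As the commit message itself notes, the -1 convention on a status return is a holdover; the helper below keeps it so the call sites need no change, but a 0/1 Boolean would be the natural follow-up.
```c
/*
 * Convert an ASN1_TIME into a time_t via timegm(3).
 * Returns 0 on success, -1 on failure; *out is written only on success.
 */
static int
asn1_time_to_time_t(const ASN1_TIME *atim, time_t *out)
{
	struct tm t;
	time_t tt;

	if (!ASN1_TIME_to_tm(atim, &t))
		return -1;

	/*
	 * Sentinel from the commit: timegm(3) normalizes tm_wday on success,
	 * so a surviving -1 distinguishes an error from a legitimate -1 result.
	 */
	t.tm_wday = -1;
	if ((tt = timegm(&t)) == -1 && t.tm_wday == -1)
		return -1;

	*out = tt;
	return 0;
}

static int
X509notafter(const X509 *x, time_t *notafter)
{
	ASN1_TIME *atim;

	/* … unchanged: fetch atim from the notAfter field (outside the hunk) … */
	return asn1_time_to_time_t(atim, notafter);
}
```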
@@ -141,12 +149,12 @@ revokeproc(int fd, const char *certfile, int force,
 	/* Read out the expiration date. */
-	if ((notafter = X509notafter(x)) == -1) {
+	if (X509notafter(x, ¬after) == -1) {
 		warnx("X509notafter");
 		goto out;
 	}
-	if ((notbefore = X509notbefore(x)) == -1) {
+	if (X509notbefore(x, ¬before) == -1) {
 		warnx("X509notbefore");
 		goto out;
 	}
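Review bot: The call sites test the helpers' status with `== -1`, which ties them to the in-band value the commit message itself flags as a holdover to be replaced by a 0/1 result; `if (X509notafter(x, &notafter) != 0) {` and `if (X509notbefore(x, &notbefore) != 0) {` would survive that follow-up without a second edit of this function. Note that the hunk as rendered here shows the address-of arguments as `¬after`/`¬before`, which looks like an HTML-entity artefact of the page rather than the committed text, which should read `&notafter`/`&notbefore`. On the failure path the helpers may already have stored -1 into these variables; nothing after `out:` is visible in this hunk, so it is worth confirming the cleanup does not read them. revokeproc() begins and ends outside the hunk.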