wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds

Browse source 
This resulted in the SCT timestamp check always failing, because the
timestamp appeared to be in the future.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3138)
This commit is contained in:
Rob Percival 2017-04-04 23:24:28 +01:00 committed by Richard Levitte
parent 2094ea070a
commit 6a71e06d7a
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ssl/ssl_lib.c
View file

@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s)
CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
CT_POLICY_EVAL_CTX_set_time(
ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
scts = SSL_get0_peer_scts(s);