diff --git a/CHANGES b/CHANGES index 227de87b1e..0325df3e82 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string() + set string type: to handle setting ASN1_TIME structures. Fix ca + utility to correctly initialize revocation date of CRLs. + [Steve Henson] + *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override the clients preferred ciphersuites and rather use its own preferences. Should help to work around M$ SGC (Server Gated Cryptography) bug in diff --git a/apps/ca.c b/apps/ca.c index 567ef4777c..b84e842bc0 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1379,10 +1379,9 @@ bad: if (pp[DB_type][0] == DB_TYPE_REV) { if ((r=X509_REVOKED_new()) == NULL) goto err; - ASN1_STRING_set((ASN1_STRING *) - r->revocationDate, - (unsigned char *)pp[DB_rev_date], - strlen(pp[DB_rev_date])); + if (!ASN1_UTCTIME_set_string(r->revocationDate, + pp[DB_rev_date])) + goto err; /* strcpy(r->revocationDate,pp[DB_rev_date]);*/ (void)BIO_reset(hex); diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index d71c190c77..f884b25f96 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -180,6 +180,7 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) { ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str,t.length); + s->type=V_ASN1_GENERALIZEDTIME; } return(1); } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 6ddeaff0ec..7cb646429a 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -179,6 +179,7 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) { ASN1_STRING_set((ASN1_STRING *)s, (unsigned char *)str,t.length); + s->type = V_ASN1_UTCTIME; } return(1); } diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index f7b938bde2..ab9cd8fcff 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -112,7 +112,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x) rev = X509_CRL_get_REVOKED(x); - if(sk_X509_REVOKED_num(rev)) + if(sk_X509_REVOKED_num(rev) > 0) BIO_printf(out, "Revoked Certificates:\n"); else BIO_printf(out, "No Revoked Certificates.\n");