commit: 064fe2fb7480bd316a6be11b5b803bcc5f183677
parent 27f8b20b3bf7ff46ba776aee6b7198d6ac7ab0fa
Author: Michael Forney <mforney@mforney.org>
Date: Sun, 29 Mar 2020 13:08:56 -0700
libtls-bearssl: Use patched bearssl method to retrieve validity period
Diffstat:
3 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/.gitmodules b/.gitmodules
@@ -145,6 +145,7 @@
[submodule "pkg/libtls-bearssl/src"]
path = pkg/libtls-bearssl/src
url = https://git.sr.ht/~mcf/libtls-bearssl
+ ignore = all
[submodule "pkg/libutp/src"]
path = pkg/libutp/src
url = https://github.com/oasislinux/libutp.git
diff --git a/pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch b/pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch
@@ -0,0 +1,45 @@
+From 639eeb5958345cbe9db6a53dd2429a0d5157e0fd Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 29 Mar 2020 13:07:39 -0700
+Subject: [PATCH] Use patched bearssl method to retrieve validity period
+
+---
+ tls_conninfo.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/tls_conninfo.c b/tls_conninfo.c
+index d3a6844..1c7c686 100644
+--- a/tls_conninfo.c
++++ b/tls_conninfo.c
+@@ -164,10 +164,24 @@ static int
+ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
+ time_t *notafter)
+ {
+- /* XXX: BearSSL has no way to get certificate notBefore and
+- * notAfter */
+- *notbefore = -1;
+- *notafter = -1;
++ br_x509_decoder_context xc;
++ uint32_t notbefore_days, notbefore_seconds;
++ uint32_t notafter_days, notafter_seconds;
++ int err;
++
++ br_x509_decoder_init(&xc, NULL, NULL);
++ br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
++
++ if ((err = br_x509_decoder_last_error(&xc)) != 0) {
++ tls_set_errorx(ctx, "%s", bearssl_strerror(err));
++ return (-1);
++ }
++
++ br_x509_decoder_get_notbefore(&xc, ¬before_days, ¬before_seconds);
++ br_x509_decoder_get_notafter(&xc, ¬after_days, ¬after_seconds);
++
++ *notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
++ *notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
+
+ return (0);
+ }
+--
+2.26.0
+
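Review bot: The epoch conversion at the end of tls_get_peer_cert_times subtracts in uint32_t, so a peer certificate whose notBefore or notAfter falls before 1970 (day count below 719528) wraps to a huge positive value instead of a negative time_t, and the reported validity bound lands far in the future. Widen before subtracting, e.g. `*notbefore = 86400LL * ((long long)notbefore_days - 719528) + notbefore_seconds;`, and do the same for `*notafter`. The function also reads `ctx->peer_chain[0]` with no visible check that a peer chain is present; if callers outside this hunk do not guarantee one, a guard that sets an error and returns -1 belongs before `br_x509_decoder_init`. A one-line comment such as `/* 719528 = day number of 1970-01-01 in BearSSL's day count */` would explain the constant.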
diff --git a/pkg/libtls-bearssl/ver b/pkg/libtls-bearssl/ver
@@ -1 +1 @@
-99e1f3aa21 r0
+0.1 r0