0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch (1386B)
- From 7701b90a015c4e4c2b6af6e8b53315dce1f6c780 Mon Sep 17 00:00:00 2001
- From: Michael Forney <mforney@mforney.org>
- Date: Sun, 29 Mar 2020 13:07:39 -0700
- Subject: [PATCH] Use patched bearssl method to retrieve validity period
- ---
- tls_conninfo.c | 22 ++++++++++++++++++----
- 1 file changed, 18 insertions(+), 4 deletions(-)
- diff --git a/tls_conninfo.c b/tls_conninfo.c
- index ccce70d..1e9b57e 100644
- --- a/tls_conninfo.c
- +++ b/tls_conninfo.c
- @@ -162,10 +162,24 @@ static int
- tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
- time_t *notafter)
- {
- - /* XXX: BearSSL has no way to get certificate notBefore and
- - * notAfter */
- - *notbefore = -1;
- - *notafter = -1;
- + br_x509_decoder_context xc;
- + uint32_t notbefore_days, notbefore_seconds;
- + uint32_t notafter_days, notafter_seconds;
- + int err;
- +
- + br_x509_decoder_init(&xc, NULL, NULL);
- + br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
- +
- + if ((err = br_x509_decoder_last_error(&xc)) != 0) {
- + tls_set_errorx(ctx, "%s", bearssl_strerror(err));
- + return (-1);
- + }
- +
- + br_x509_decoder_get_notbefore(&xc, ¬before_days, ¬before_seconds);
- + br_x509_decoder_get_notafter(&xc, ¬after_days, ¬after_seconds);
- +
- + *notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
- + *notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
- return (0);
- }
- --
- 2.31.1