logo

oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch (1386B)

    

  1. From 7701b90a015c4e4c2b6af6e8b53315dce1f6c780 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Sun, 29 Mar 2020 13:07:39 -0700
  4. Subject: [PATCH] Use patched bearssl method to retrieve validity period
  6. ---
  7.  tls_conninfo.c | 22 ++++++++++++++++++----
  8.  1 file changed, 18 insertions(+), 4 deletions(-)
  10. diff --git a/tls_conninfo.c b/tls_conninfo.c
  11. index ccce70d..1e9b57e 100644
  12. --- a/tls_conninfo.c
  13. +++ b/tls_conninfo.c
  14. @@ -162,10 +162,24 @@ static int
  15.  tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
  16.      time_t *notafter)
  17.  {
  18. -	/* XXX: BearSSL has no way to get certificate notBefore and
  19. -	 * notAfter */
  20. -	*notbefore = -1;
  21. -	*notafter = -1;
  22. +	br_x509_decoder_context xc;
  23. +	uint32_t notbefore_days, notbefore_seconds;
  24. +	uint32_t notafter_days, notafter_seconds;
  25. +	int err;
  26. +
  27. +	br_x509_decoder_init(&xc, NULL, NULL);
  28. +	br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
  29. +
  30. +	if ((err = br_x509_decoder_last_error(&xc)) != 0) {
  31. +		tls_set_errorx(ctx, "%s", bearssl_strerror(err));
  32. +		return (-1);
  33. +	}
  34. +
  35. +	br_x509_decoder_get_notbefore(&xc, &notbefore_days, &notbefore_seconds);
  36. +	br_x509_decoder_get_notafter(&xc, &notafter_days, &notafter_seconds);
  37. +
  38. +	*notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
  39. +	*notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
  40.  
  41.  	return (0);
  42.  }
  43. -- 
  44. 2.31.1