
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch (1386B)


  1. From 7701b90a015c4e4c2b6af6e8b53315dce1f6c780 Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Sun, 29 Mar 2020 13:07:39 -0700
  4. Subject: [PATCH] Use patched bearssl method to retrieve validity period
  5. ---
  6. tls_conninfo.c | 22 ++++++++++++++++++----
  7. 1 file changed, 18 insertions(+), 4 deletions(-)
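--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -162,10 +162,24 @@ static int
 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 time_t *notafter)
 {
- /* XXX: BearSSL has no way to get certificate notBefore and
- * notAfter */
- *notbefore = -1;
- *notafter = -1;
+ br_x509_decoder_context xc;
+ uint32_t notbefore_days, notbefore_seconds;
+ uint32_t notafter_days, notafter_seconds;
+ int err;
+
+ br_x509_decoder_init(&xc, NULL, NULL);
+ br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
+
+ if ((err = br_x509_decoder_last_error(&xc)) != 0) {
+ tls_set_errorx(ctx, "%s", bearssl_strerror(err));
+ return (-1);
+ }
+
+ br_x509_decoder_get_notbefore(&xc, &notbefore_days, &notbefore_seconds);
+ br_x509_decoder_get_notafter(&xc, &notafter_days, &notafter_seconds);
+
+ *notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
+ *notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
 return (0);
 }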
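Review bot: The two epoch conversions at the end of tls_get_peer_cert_times subtract 719528 in uint32_t, so a certificate whose notBefore or notAfter day count is below that value wraps to a huge unsigned number before the multiply by 86400LL and is reported as a far-future time rather than a pre-1970 one. Widen before subtracting, e.g. `*notbefore = 86400LL * ((int64_t)notbefore_days - 719528) + notbefore_seconds;` and the same for `*notafter`. An application that displays or compares the reported notAfter would otherwise treat such a certificate as long-lived. The new code also reads `ctx->peer_chain[0]` with no visible check that a peer chain is present; if the callers (not shown here) do not guarantee that, a guard that sets an error and returns -1 belongs before `br_x509_decoder_push`.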
  40. --
  41. 2.31.1