diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-10-06 09:06:57 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-10-06 09:06:57 -0400 |
| commit | bfd9dccdb8692a8d1d04c1c4004bc4bd3236c7b1 (patch) | |
| tree | 7182aefdd58b4671f27aa917d8aefa2fd977fb50 /src/common/tortls.c | |
| parent | b216340d75403571b8031baf5f63f751584470d1 (diff) | |
| parent | 1eb838b30361b0dcc1e2b82815be25391d5a15f1 (diff) | |
| download | tor-bfd9dccdb8692a8d1d04c1c4004bc4bd3236c7b1.tar.gz tor-bfd9dccdb8692a8d1d04c1c4004bc4bd3236c7b1.zip | |
Merge remote-tracking branch 'origin/maint-0.2.7'
Diffstat (limited to 'src/common/tortls.c')
| -rw-r--r-- | src/common/tortls.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 59c8f31b77..156750853e 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -78,6 +78,11 @@ #include "container.h" #include <string.h> +#define X509_get_notBefore_const(cert) \ + ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert)) +#define X509_get_notAfter_const(cert) \ + ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert)) + /* Enable the "v2" TLS handshake. */ #define V2_HANDSHAKE_SERVER @@ -2136,7 +2141,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) if (!(bio = BIO_new(BIO_s_mem()))) { log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end; } - if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2144,7 +2149,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem) s1 = tor_strndup(buf->data, buf->length); (void)BIO_reset(bio); - if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) { + if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime"); goto end; } @@ -2306,12 +2311,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert, now = time(NULL); t = now + future_tolerance; - if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { + if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) { log_cert_lifetime(severity, cert, "not yet valid"); return -1; } t = now - past_tolerance; - if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { + if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) { log_cert_lifetime(severity, cert, "already expired"); return -1; } |