| author | Michael Forney <mforney@mforney.org> | 2020-03-29 13:08:56 -0700 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2020-03-29 13:08:56 -0700 |
| commit | 064fe2fb7480bd316a6be11b5b803bcc5f183677 (patch) | |
| tree | 982d90b303d39933166cec5cddbf4907027fb2e9 /pkg/libtls-bearssl | |
| parent | 27f8b20b3bf7ff46ba776aee6b7198d6ac7ab0fa (diff) | |
libtls-bearssl: Use patched bearssl method to retrieve validity period
Diffstat (limited to 'pkg/libtls-bearssl')
| -rw-r--r-- | pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch | 45 | ||||
| -rw-r--r-- | pkg/libtls-bearssl/ver | 2 |
2 files changed, 46 insertions, 1 deletions
diff --git a/pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch b/pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch
new file mode 100644
index 00000000..6aa78c5d
--- /dev/null
+++ b/pkg/libtls-bearssl/patch/0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch
@@ -0,0 +1,45 @@
+From 639eeb5958345cbe9db6a53dd2429a0d5157e0fd Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 29 Mar 2020 13:07:39 -0700
+Subject: [PATCH] Use patched bearssl method to retrieve validity period
+
+---
+ tls_conninfo.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/tls_conninfo.c b/tls_conninfo.c
+index d3a6844..1c7c686 100644
+--- a/tls_conninfo.c
++++ b/tls_conninfo.c
+@@ -164,10 +164,24 @@ static int
+ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
+ time_t *notafter)
+ {
+- /* XXX: BearSSL has no way to get certificate notBefore and
+- * notAfter */
+- *notbefore = -1;
+- *notafter = -1;
++ br_x509_decoder_context xc;
++ uint32_t notbefore_days, notbefore_seconds;
++ uint32_t notafter_days, notafter_seconds;
++ int err;
++
++ br_x509_decoder_init(&xc, NULL, NULL);
++ br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
++
++ if ((err = br_x509_decoder_last_error(&xc)) != 0) {
++ tls_set_errorx(ctx, "%s", bearssl_strerror(err));
++ return (-1);
++ }
++
++ br_x509_decoder_get_notbefore(&xc, ¬before_days, ¬before_seconds);
++ br_x509_decoder_get_notafter(&xc, ¬after_days, ¬after_seconds);
++
++ *notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
++ *notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
+
+ return (0);
+ }
+--
+2.26.0
+
diff --git a/pkg/libtls-bearssl/ver b/pkg/libtls-bearssl/ver
index 00d81304..4357785c 100644
--- a/pkg/libtls-bearssl/ver
+++ b/pkg/libtls-bearssl/ver
@@ -1 +1 @@
-99e1f3aa21 r0
+0.1 r0 |
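Review bot: The two conversions at the end of tls_get_peer_cert_times subtract in 32-bit unsigned arithmetic, so a peer certificate whose notBefore or notAfter day count is below 719528 (a date before 1970-01-01) wraps to a very large positive value before the multiplication by 86400LL instead of yielding a negative time_t. Because these fields come from the peer's certificate, widen before subtracting: `*notbefore = 86400LL * ((int64_t)notbefore_days - 719528) + notbefore_seconds;` and likewise for `*notafter`. The function also reads `ctx->peer_chain[0]` with no visible check that a peer chain was received; if the callers, which are outside this hunk, do not guarantee that, an early `return (-1);` when no chain is present would be the safer choice.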
