0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch (1386B)
1 From 7701b90a015c4e4c2b6af6e8b53315dce1f6c780 Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Sun, 29 Mar 2020 13:07:39 -0700
4 Subject: [PATCH] Use patched bearssl method to retrieve validity period
5
6 ---
7 tls_conninfo.c | 22 ++++++++++++++++++----
8 1 file changed, 18 insertions(+), 4 deletions(-)
9
10 diff --git a/tls_conninfo.c b/tls_conninfo.c
11 index ccce70d..1e9b57e 100644
12 --- a/tls_conninfo.c
13 +++ b/tls_conninfo.c
14 @@ -162,10 +162,24 @@ static int
15 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
16 time_t *notafter)
17 {
18 - /* XXX: BearSSL has no way to get certificate notBefore and
19 - * notAfter */
20 - *notbefore = -1;
21 - *notafter = -1;
22 + br_x509_decoder_context xc;
23 + uint32_t notbefore_days, notbefore_seconds;
24 + uint32_t notafter_days, notafter_seconds;
25 + int err;
26 +
27 + br_x509_decoder_init(&xc, NULL, NULL);
28 + br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
29 +
30 + if ((err = br_x509_decoder_last_error(&xc)) != 0) {
31 + tls_set_errorx(ctx, "%s", bearssl_strerror(err));
32 + return (-1);
33 + }
34 +
35 + br_x509_decoder_get_notbefore(&xc, ¬before_days, ¬before_seconds);
36 + br_x509_decoder_get_notafter(&xc, ¬after_days, ¬after_seconds);
37 +
38 + *notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
39 + *notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
40
41 return (0);
42 }
43 --
44 2.31.1
45
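Review bot: The epoch conversion on the two added `*notbefore = ...` / `*notafter = ...` lines subtracts the int constant 719528 from a uint32_t, so a validity date before 1970-01-01 (a day count below 719528, which X.509 UTCTime permits back to 1950) wraps to a value near 2^32 and is reported as a far-future time instead of a negative one; widen to a signed 64-bit type before subtracting, `*notbefore = 86400LL * ((int64_t)notbefore_days - 719528) + notbefore_seconds;` and likewise for notafter. Any caller that compares these values against the current time to judge validity would then see a wrapped notAfter as "never expires", so the sign matters even though such dates are rare. The new code also dereferences `ctx->peer_chain[0]` with no visible check that a peer certificate was actually received; if the caller already guarantees a non-empty chain, a comment stating that precondition would help, otherwise a guard returning -1 belongs before `br_x509_decoder_push`. A comment noting that 719528 is the day number of 1970-01-01 in BearSSL's day-count scheme and that `br_x509_decoder_get_notbefore`/`get_notafter` come from a patched BearSSL (as the subject says) would spare the next reader a lookup. The function begins and ends inside this hunk.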