Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
#include <openssl/ct.h>
#include <openssl/err.h>
#include <openssl/ct.h>
#include <openssl/err.h>
#include "ct_locl.h"
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
#include "ct_locl.h"
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+ time_t epoch_time_in_s;
if (ctx == NULL) {
CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (ctx == NULL) {
CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
+ // Use the current time if available.
+ time(&epoch_time_in_s);
+ if (epoch_time_in_s != -1)
+ ctx->epoch_time_in_ms = epoch_time_in_s * 1000;
+
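Review bot: The multiplication in `ctx->epoch_time_in_ms = epoch_time_in_s * 1000;` is carried out in `time_t`, so on a platform where `time_t` is 32 bits wide it overflows before the value is stored, and the SCT "issued in the future" check would then compare against a wrong time. Widen before multiplying, for example `ctx->epoch_time_in_ms = (uint64_t)epoch_time_in_s * 1000;` (this assumes the field is a 64-bit unsigned integer, as its declaration is not in the hunk), and test the failure value as `if (epoch_time_in_s != (time_t)-1)`. When time() fails the field keeps the zero left by OPENSSL_zalloc, which presumably makes every SCT look future-dated until the caller sets a time. That fallback deserves a comment such as `/* If time() fails, epoch_time_in_ms stays 0 and must be set by the caller. */`, written in the `/* */` form in place of the added `//` line. No `<time.h>` include is visible among the includes shown, and the function body continues past the end of the hunk.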
The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". Typically, the time provided to this function will
-be the current time.
+timestamp is in the future". By default, this will be set to the
+current time (obtained by calling time()) if possible.
The time should be in milliseconds since the Unix epoch.
The time should be in milliseconds since the Unix epoch.