BUG/MEDIUM: ssl: fix OCSP expiry calculation

The hour part of the timezone offset was multiplied by 60 instead of
3600, resulting in an inaccurate expiry. This bug was introduced in
1.6-dev1 by commit 4f3c87a ("BUG/MEDIUM: ssl: Fix to not serve expired
OCSP responses."), so this fix must be backported into 1.7 and 1.6.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 989d7e1cfff67861006bc62b82b36a78cd1793ee..774a5a683d968fa593e63f73e36ccb62c833ab36 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -546,12 +546,12 @@ nosec:
        else if (p[0] == '+') {
                if (end - p != 5) return -1;
                /* Apply timezone offset */
-               return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+               return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
        }
        else if (p[0] == '-') {
                if (end - p != 5) return -1;
                /* Apply timezone offset */
-               return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+               return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
        }
 
        return -1;