From: Jaeho Nam Date: Sun, 15 Mar 2026 08:31:49 +0000 (+0000) Subject: x509: fix bug in timeSpecification printing X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7620840bfbc0eae1e535cf77c10dea768aae321;p=thirdparty%2Fopenssl.git x509: fix bug in timeSpecification printing Fix i2r_OSSL_DAY_TIME() to check dt->second before decoding the optional seconds field. Add a regression certificate and x509 recipe coverage for the periodic timeSpecification case with no seconds. Resolves: https://github.com/openssl/openssl/issues/30424 Fixes: 70b17e5a00da "feat: support the timeSpecification X.509v3 extension" Reviewed-by: Eugene Syromiatnikov Reviewed-by: Paul Dale Reviewed-by: Nikola Pajkovsky MergeDate: Fri Mar 20 18:47:04 2026 (Merged from https://github.com/openssl/openssl/pull/30425) --- diff --git a/crypto/x509/v3_timespec.c b/crypto/x509/v3_timespec.c index 28f9a1c6103..f29265f4be2 100644 --- a/crypto/x509/v3_timespec.c +++ b/crypto/x509/v3_timespec.c @@ -167,7 +167,7 @@ static int i2r_OSSL_DAY_TIME(X509V3_EXT_METHOD *method, return 0; if (dt->minute && !ASN1_INTEGER_get_int64(&m, dt->minute)) return 0; - if (dt->minute && !ASN1_INTEGER_get_int64(&s, dt->second)) + if (dt->second && !ASN1_INTEGER_get_int64(&s, dt->second)) return 0; return BIO_printf(out, "%02lld:%02lld:%02lld", (long long int)h, (long long int)m, (long long int)s) diff --git a/test/certs/ext-timeSpecification-periodic-no-second.pem b/test/certs/ext-timeSpecification-periodic-no-second.pem new file mode 100644 index 00000000000..9b23ddbb162 --- /dev/null +++ b/test/certs/ext-timeSpecification-periodic-no-second.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLzCCAhmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABo4GMMIGJMIGGBgNVHSsEfzB9MXUwUaAlMSMwIaAM +MAqgAwIBBaEDAgEroREwD6ADAgEMoQMCASKiAwIBOKEIMQYCAQECAQKiCDEGAgED +AgEEowgxBgIBBQIBBqQKMQgCAgfmAgIH5zAgoQgxBgIBAwIBBKMIMQYCAQcCAQik +CjEIAgIH5wICB+gBAf8CAfswDQYJKoZIhvcNAQEFBQADAQA= +-----END CERTIFICATE----- diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index 34a6d17be15..d438de0fe29 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -17,7 +17,7 @@ use File::Compare qw/compare_text/; setup("test_x509"); -plan tests => 150; +plan tests => 151; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -414,6 +414,12 @@ cert_contains($time_spec_per_cert, "Years: 2023, 2024", 1, 'X.509 Time Specification (Periodic)'); +my $time_spec_per_no_second_cert = + srctop_file(@certs, "ext-timeSpecification-periodic-no-second.pem"); +cert_contains($time_spec_per_no_second_cert, + "05:43:00 - 12:34:56", + 1, 'X.509 Time Specification (Periodic, no second)'); + my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem"); cert_contains($attr_map_cert, "commonName == localityName",