From 633138564d611b5abeff232c89dccb1b86def449 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <a@unstable.cc>
Date: Thu, 16 Mar 2017 16:21:17 +0800
Subject: [PATCH] CRL: use time_t instead of struct timespec to store last
 mtime

As of now, we store the last mtime for the CRL file in a timespec
object. However we store seconds only and we ignore the subsecond
field (this came into being because not all platforms have nanoseconds
precision in timespec).

Given the above, we can safely replace the timespec object with a
simple time_t.

Reported-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170316082117.21020-1-a@unstable.cc>
URL: http://www.mail-archive.com/search?l=mid&q=20170316082117.21020-1-a@unstable.cc
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f3705dd1e711ee9f8546b841e4b18e9e9a224975)
---
 src/openvpn/ssl.c         | 4 ++--
 src/openvpn/ssl_mbedtls.h | 2 +-
 src/openvpn/ssl_openssl.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 2d596aca2..1033e581e 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -571,12 +571,12 @@ tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
      * Note: Windows does not support tv_nsec.
      */
     if ((ssl_ctx->crl_last_size == crl_stat.st_size)
-        && (ssl_ctx->crl_last_mtime.tv_sec == crl_stat.st_mtime))
+        && (ssl_ctx->crl_last_mtime == crl_stat.st_mtime))
     {
         return;
     }
 
-    ssl_ctx->crl_last_mtime.tv_sec = crl_stat.st_mtime;
+    ssl_ctx->crl_last_mtime = crl_stat.st_mtime;
     ssl_ctx->crl_last_size = crl_stat.st_size;
     backend_tls_ctx_reload_crl(ssl_ctx, crl_file, crl_file_inline);
 }
diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h
index 1bc53ce8e..d8f717ce1 100644
--- a/src/openvpn/ssl_mbedtls.h
+++ b/src/openvpn/ssl_mbedtls.h
@@ -74,7 +74,7 @@ struct tls_root_ctx {
     mbedtls_x509_crt *ca_chain;         /**< CA chain for remote verification */
     mbedtls_pk_context *priv_key;       /**< Local private key */
     mbedtls_x509_crl *crl;              /**< Certificate Revocation List */
-    struct timespec crl_last_mtime;     /**< CRL last modification time */
+    time_t crl_last_mtime;              /**< CRL last modification time */
     off_t crl_last_size;                /**< size of last loaded CRL */
 #if defined(ENABLE_PKCS11)
     mbedtls_pkcs11_context *priv_key_pkcs11;    /**< PKCS11 private key */
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index c64c65f81..6ca4cb6de 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -49,7 +49,7 @@
  */
 struct tls_root_ctx {
     SSL_CTX *ctx;
-    struct timespec crl_last_mtime;
+    time_t crl_last_mtime;
     off_t crl_last_size;
 };
 
-- 
2.47.2