/**
* Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
*/
-chunk_t asn1_from_time(const time_t *time)
+chunk_t asn1_from_time(const time_t *time, asn1_t type)
{
- asn1_t type;
int offset;
const char *format;
char buf[BUF_LEN];
gmtime_r(time, &t);
/* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME
- * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME */
- type = (t.tm_year < 150) ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME;
+ * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME. We only
+ * enforce the latter to avoid overflows but allow callers to force the
+ * encoding to GENERALIZEDTIME */
+ type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;
if (type == ASN1_GENERALIZEDTIME)
{
format = "%04d%02d%02d%02d%02d%02dZ";
/**
* Converts time_t to an ASN.1 UTCTIME or GENERALIZEDTIME string
*
- * The type is automatically chosen based on the encoded year.
+ * @note The type is automatically changed to GENERALIZEDTIME if needed
*
* @param time time_t in UTC
+ * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME
* @return body of an ASN.1 code time object
*/
-chunk_t asn1_from_time(const time_t *time);
+chunk_t asn1_from_time(const time_t *time, asn1_t type);
/**
* Parse an ASN.1 UTCTIME or GENERALIZEDTIME object
/* take the current time as signingTime */
time_t now = time(NULL);
- chunk_t signingTime = asn1_from_time(&now);
+ chunk_t signingTime = asn1_from_time(&now, ASN1_UTCTIME);
chunk_t messageDigest, attributes;
static chunk_t build_attr_cert_validity(private_x509_ac_t *this)
{
return asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_from_time(&this->notBefore),
- asn1_from_time(&this->notAfter));
+ asn1_from_time(&this->notBefore, ASN1_GENERALIZEDTIME),
+ asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME));
}
asn1_algorithmIdentifier(cert->algorithm),
issuer->get_encoding(issuer),
asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_from_time(&cert->notBefore),
- asn1_from_time(&cert->notAfter)),
+ asn1_from_time(&cert->notBefore, ASN1_UTCTIME),
+ asn1_from_time(&cert->notAfter, ASN1_UTCTIME)),
subject->get_encoding(subject),
key_info, extensions);
}
revoked = asn1_wrap(ASN1_SEQUENCE, "mmm",
asn1_integer("c", serial),
- asn1_from_time(&date),
+ asn1_from_time(&date, ASN1_UTCTIME),
entry_ext);
certList = chunk_cat("mm", certList, revoked);
}
ASN1_INTEGER_1,
asn1_algorithmIdentifier(this->algorithm),
this->issuer->get_encoding(this->issuer),
- asn1_from_time(&this->thisUpdate),
- asn1_from_time(&this->nextUpdate),
+ asn1_from_time(&this->thisUpdate, ASN1_UTCTIME),
+ asn1_from_time(&this->nextUpdate, ASN1_UTCTIME),
asn1_wrap(ASN1_SEQUENCE, "m", certList),
extensions);
projects / thirdparty / strongswan.git / commitdiff
