/* for uint64_t */
#include <stdint.h>
+#include "timespec.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
#undef gettime
logfile = file;
}
+static struct timespec time_at;
+static bool time_at_set;
+
+void get_system_time(struct timespec *ts)
+{
+ if (time_at_set) {
+ *ts = time_at;
+ } else {
+ gettime(ts);
+ }
+}
+
+static time_t mytime(time_t *t)
+{
+ if (t) {
+ *t = time_at.tv_sec;
+ }
+ return time_at.tv_sec;
+}
+
+void set_system_time(struct timespec *ts)
+{
+ time_at = *ts;
+ time_at_set = true;
+
+ gnutls_global_set_time_function(mytime);
+}
+
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-y2k"
/* This is very similar to ctime() but it does not force a newline.
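Review bot: The `gettime(ts)` fallback at L16 may not be the wall clock: L5 `#undef gettime` under the `CLOCK_PROCESS_CPUTIME_ID` conditional suggests this file replaces gnulib's `gettime` with a process-CPU-time variant (the rest of that block is not visible here), and if that definition is the one in scope at L16, every run without `--attime` would evaluate OCSP and certificate validity windows against a timestamp near the epoch instead of "now". That is worth confirming, and if it holds the fallback should name the wall clock explicitly, e.g. `clock_gettime(CLOCK_REALTIME, ts);` (with a `time()`-based fallback where unavailable), or the CPU-time helper should be renamed. `set_system_time` also deserves a comment that it is process-wide and irreversible: `/* Pin the clock to *ts for the rest of the process: get_system_time() and gnutls's own validity checks (installed via gnutls_global_set_time_function) will see this value; nothing restores the real clock. */`. `mytime` relies on being installed only after `time_at` is populated, which `/* gnutls time callback; only installed from set_system_time(), so time_at is always valid here */` would make explicit. `bool` at L9 needs `<stdbool.h>`, which this hunk does not add — harmless if config.h already provides it, otherwise it should be included alongside `timespec.h`.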
#include "socket.h"
#undef OCSP_RESPONSE
#endif
+#include "timespec.h"
#ifndef __attribute__
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#define SIMPLE_CTIME_BUF_SIZE 64
char *simple_ctime(const time_t *t, char buf[SIMPLE_CTIME_BUF_SIZE]);
+void get_system_time(struct timespec *ts);
+void set_system_time(struct timespec *ts);
+
#endif /* GNUTLS_SRC_COMMON_H */
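Review bot: The two new prototypes at L47-L48 are undocumented, and `set_system_time` does not modify its argument, so `void set_system_time(const struct timespec *ts);` (matched in the definition in common.c) would state the contract more precisely. I would also add above them: `/* Return the current time, or the time pinned with set_system_time(). */` and `/* Pin the time returned by get_system_time() and by gnutls's internal time checks for the rest of the process. */`, since a caller reading only the header cannot otherwise tell that the setter affects gnutls globally.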
gnutls_ocsp_resp_t resp;
int ret;
unsigned int status, cert_status;
+ struct timespec r;
time_t rtime, vtime, ntime, now;
char timebuf1[SIMPLE_CTIME_BUF_SIZE];
char timebuf2[SIMPLE_CTIME_BUF_SIZE];
- now = time(0);
+ get_system_time(&r);
+ now = r.tv_sec;
ret = gnutls_ocsp_resp_init(&resp);
if (ret < 0) {
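Review bot: `now = r.tv_sec;` at L60 discards `tv_nsec` and gives no hint at the call site why `time(0)` was replaced; a one-line comment such as `/* get_system_time() honours --attime; OCSP times have whole-second resolution, so tv_nsec is irrelevant */` would save the next reader a lookup. The enclosing function starts before this hunk, so any other `time()` call in it is not visible here and should be checked for the same replacement.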
"long-option": "verify-allow-broken",
"description": "Allow broken algorithms, such as MD5 for verification",
"detail": "This can be combined with --verify-response."
+ },
+ {
+ "long-option": "attime",
+ "description": "Perform validation at the timestamp instead of the system time",
+ "detail": "timestamp is an instance in time encoded as Unix time or in a human\n readable timestring such as \"29 Feb 2004\", \"2004-02-29\".\nFull documentation available at \n<https://www.gnu.org/software/coreutils/manual/html_node/Date-input-formats.html>\nor locally via info '(coreutils) date invocation'.",
+ "argument-name": "timestamp",
+ "argument-type": "string"
}
]
}
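Review bot: The description of `attime` at L69-L70 does not say that the pinned timestamp also governs the validity checks gnutls performs on the signer/issuer certificates (the option installs a gnutls time callback, see common.c), nor that a successful verification at an old timestamp says nothing about whether the response is valid now; a user scripting this against production responses could read such a PASS as current status. I would append to the detail a sentence such as `"All validity periods, including those of the certificates used to verify the response, are evaluated at this timestamp; a successful verification therefore does not imply the response is currently valid."`.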
#include <read-file.h>
#include <socket.h>
#include <minmax.h>
+#include "parse-datetime.h"
#include <ocsptool-common.h>
#include "ocsptool-options.h"
#include "certtool-common.h"
+#include "common.h"
FILE *outfile;
static unsigned int incert_format, outcert_format;
gnutls_global_set_log_function(tls_log_func);
gnutls_global_set_log_level(OPT_VALUE_DEBUG);
+ if (ENABLED_OPT(ATTIME)) {
+ struct timespec r;
+
+ if (!parse_datetime(&r, OPT_ARG(ATTIME), NULL)) {
+ fprintf(stderr,
+ "%s option value %s is not a valid time\n",
+ "attime", OPT_ARG(ATTIME));
+ app_exit(1);
+ }
+ set_system_time(&r);
+ }
+
if (ENABLED_OPT(INDER))
incert_format = GNUTLS_X509_FMT_DER;
else
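Review bot: The resolved timestamp at L91-L97 is never echoed, yet `parse_datetime` interprets a bare date like `2017-06-19` in the local time zone and resolves relative phrases against the real clock, so a misread value silently shifts every validity verdict the tool prints. Since a debug level is already available (`OPT_VALUE_DEBUG` at L87), I would log the effective time when debugging is on, e.g. `if (OPT_VALUE_DEBUG > 0)` followed by `fprintf(stderr, "attime: validating at %lld\n", (long long)r.tv_sec);` right before `set_system_time(&r);`. The enclosing function continues outside the hunk.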
. "${srcdir}/scripts/common.sh"
-skip_if_no_datefudge
-
-"$FAKETIME" "$FAKETIME_F_OPT" "2017-06-19 00:00:00" \
- "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+"${OCSPTOOL}" --attime "2017-06-19" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
rc=$?
# We're done.
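Review bot: `--attime "2017-06-19"` at L108 is parsed in the host's local time zone, so the validation instant can differ by up to a day between test machines; that only matters if the response's validity edges are close to this date, but the faketime string it replaces carried an explicit midnight and the new one does not even say which zone it means. Pinning it, e.g. `--attime "2017-06-19 00:00:00 UTC"` (or `export TZ=UTC` near the top of the script), makes the test deterministic.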
exit ${rc}
fi
-"$FAKETIME" "$FAKETIME_F_OPT" "2017-06-19 00:00:00" \
- "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
+"${OCSPTOOL}" --attime "2017-06-19" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken
rc=$?
# We're done.
exit ${rc}
fi
+
# verify an OCSP response using ECDSA
-"$FAKETIME" "$FAKETIME_F_OPT" "2017-06-29 00:00:00" \
- "${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der"
+"${OCSPTOOL}" --attime "2017-06-29" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der"
rc=$?
# We're done.
t=0
while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
# Run a test request to make sure the server works
- "$FAKETIME" "${TESTDATE}" \
- ${VALGRIND} "${OCSPTOOL}" --ask \
- --load-cert "${SERVER_CERT_FILE}" \
- --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \
- --outfile "${OCSP_RESPONSE_FILE}"
+ ${VALGRIND} "${OCSPTOOL}" --ask --attime "${TESTDATE}" \
+ --load-cert "${SERVER_CERT_FILE}" \
+ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \
+ --outfile "${OCSP_RESPONSE_FILE}"
rc=$?
if test "${rc}" = "0"; then
break
. "${srcdir}/scripts/common.sh"
-skip_if_no_datefudge
-
date="2021-07-14 00:00:00"
sample_dir="${srcdir}/ocsp-tests/signer-verify"
trusted="${sample_dir}/trust.pem"
verify_response ()
{
echo "verifying ${sample_dir}/${1} using ${trusted}"
- "$FAKETIME" "$FAKETIME_F_OPT" "${date}" \
- "${OCSPTOOL}" --infile="${sample_dir}/${1}" \
+ "${OCSPTOOL}" --attime "${date}" --infile="${sample_dir}/${1}" \
--verify-response --load-trust="${trusted}"
return $?
}
. "${srcdir}/scripts/common.sh"
-skip_if_no_datefudge
-
# Note that in rare cases this test may fail because the
# time set using faketime/datefudge could have changed since the generation
# (if example the system was busy)
-"$FAKETIME" "$FAKETIME_F_OPT" "2016-04-22 00:00:00" \
- "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der"
+"${OCSPTOOL}" --attime "2016-04-22" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der"
rc=$?
# We're done.
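Review bot: The comment at L160-L162 is now wrong rather than merely stale: it explains possible failures by the faketime/datefudge clock advancing on a busy system, but `--attime` at L165 pins a fixed instant that does not advance, so that failure mode no longer exists and the comment no longer describes the script. I would replace the three lines with `# The validation time is pinned with --attime, so this check is deterministic.`.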
exit ${rc}
fi
-"$FAKETIME" "$FAKETIME_F_OPT" "2016-04-22 00:00:00" \
- "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der"
+"${OCSPTOOL}" --attime "2016-04-22" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der"
rc=$?
# We're done.
exit ${rc}
fi
-"$FAKETIME" "$FAKETIME_F_OPT" "2016-04-22 00:00:00" \
- "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4
+"${OCSPTOOL}" --attime "2016-04-22" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4
rc=$?
# We're done.
t=0
while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do
# Run a test request to make sure the server works
- "$FAKETIME" "${TESTDATE}" \
- ${VALGRIND} "${OCSPTOOL}" --ask \
- --load-cert "${SERVER_CERT_FILE}" \
- --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem"
+ ${VALGRIND} "${OCSPTOOL}" --attime "${TESTDATE}" --ask \
+ --load-cert "${SERVER_CERT_FILE}" \
+ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem"
rc=$?
if test "${rc}" = "0"; then
break