Diffstat (limited to 'src')
-rw-r--r-- | src/config.cpp | 13 | ||||
-rw-r--r-- | src/x509_ca.cpp | 7 | ||||
-rw-r--r-- | src/x509stor.cpp | 23 |
3 files changed, 19 insertions, 24 deletions
diff --git a/src/config.cpp b/src/config.cpp index 0d4d459b6..6d2a4c90f 100644 --- a/src/config.cpp +++ b/src/config.cpp @@ -5,11 +5,8 @@ #include <botan/config.h> #include <botan/libstate.h> -#include <botan/lookup.h> -#include <botan/charset.h> -#include <botan/parsing.h> -#include <botan/stl_util.h> #include <botan/mutex.h> +#include <botan/stl_util.h> #include <string> namespace Botan { @@ -121,12 +118,4 @@ std::string Config::option(const std::string& key) const return get("conf", key); } -/************************************************* -* Get the config setting as a time * -*************************************************/ -u32bit Config::option_as_time(const std::string& key) const - { - return timespec_to_u32bit(option(key)); - } - } diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp index 4e873c31f..13e1520a1 100644 --- a/src/x509_ca.cpp +++ b/src/x509_ca.cpp @@ -4,6 +4,7 @@ *************************************************/ #include <botan/x509_ca.h> +#include <botan/libstate.h> #include <botan/x509stor.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -11,7 +12,7 @@ #include <botan/lookup.h> #include <botan/look_pk.h> #include <botan/numthry.h> -#include <botan/libstate.h> +#include <botan/parsing.h> #include <botan/oids.h> #include <botan/util.h> #include <algorithm> @@ -179,8 +180,10 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, const u32bit X509_CRL_VERSION = 2; if(next_update == 0) - next_update = global_config().option_as_time("x509/crl/next_update"); + next_update = timespec_to_u32bit( + global_config().option("x509/crl/next_update")); + // Totally stupid: ties encoding logic to the return of std::time!! const u64bit current_time = system_time(); Extensions extensions; diff --git a/src/x509stor.cpp b/src/x509stor.cpp index 834fe526b..dcbc31942 100644 --- a/src/x509stor.cpp +++ b/src/x509stor.cpp 
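Review bot: In the `make_crl` hunk of src/x509_ca.cpp, the added comment `// Totally stupid: ties encoding logic to the return of std::time!!` voices a complaint without telling a maintainer what should change. An actionable form would be `// TODO: pass the issue time in as a parameter; reading system_time() here ties the encoded CRL times to the local clock`. The same hunk now parses the raw "x509/crl/next_update" string at the call site. What `timespec_to_u32bit` returns for an unset or malformed value is not visible here, so it is worth confirming that such input cannot silently produce a zero or very short update interval. The body of `make_crl` continues outside the hunk.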
@@ -171,7 +171,12 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const X509_Store::X509_Store() { revoked_info_valid = true; - time_slack = global_config().option_as_time("x509/validity_slack"); + + time_slack = timespec_to_u32bit( + global_config().option("x509/validity_slack")); + + validation_cache_timeout = timespec_to_u32bit( + global_config().option("x509/cache_verify_results")); } /************************************************* @@ -305,7 +310,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, return CERT_ISSUER_NOT_FOUND; indexes.push_back(parent); - if(certs[parent].is_verified()) + if(certs[parent].is_verified(validation_cache_timeout)) if(certs[parent].verify_result() != VERIFIED) return certs[parent].verify_result(); @@ -334,7 +339,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, const u32bit cert = indexes.back(); - if(certs[cert].is_verified()) + if(certs[cert].is_verified(validation_cache_timeout)) { if(certs[cert].verify_result() != VERIFIED) throw Internal_Error("X509_Store::construct_cert_chain"); @@ -359,7 +364,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, X509_Code X509_Store::check_sig(const Cert_Info& cert_info, const Cert_Info& ca_cert_info) const { - if(cert_info.is_verified()) + if(cert_info.is_verified(validation_cache_timeout)) return cert_info.verify_result(); const X509_Certificate& cert = cert_info.cert; @@ -431,7 +436,8 @@ void X509_Store::recompute_revoked_info() const for(u32bit j = 0; j != certs.size(); ++j) { - if((certs[j].is_verified()) && (certs[j].verify_result() != VERIFIED)) + if((certs[j].is_verified(validation_cache_timeout)) && + (certs[j].verify_result() != VERIFIED)) continue; if(is_revoked(certs[j].cert)) 
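Review bot: `validation_cache_timeout` is assigned only in the default constructor shown in the `X509_Store::X509_Store()` hunk of src/x509stor.cpp. If the class has any other constructor outside this diff (a copy constructor, for instance), the member would be left uninitialized there. The `is_verified(validation_cache_timeout)` calls in `construct_cert_chain`, `check_sig` and `recompute_revoked_info` would then test cache expiry against an indeterminate value, so a cached VERIFIED result could be honoured far longer than configured. Such a constructor would need `validation_cache_timeout = other.validation_cache_timeout;`. The option is also now read once per store rather than on every check, so later changes to "x509/cache_verify_results" no longer reach an existing store. A comment on the member would record that, e.g. `// lifetime of a cached verify result; read from x509/cache_verify_results at construction`.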
@@ -673,19 +679,16 @@ bool X509_Store::Cert_Info::is_trusted() const /************************************************* * Check if this certificate has been verified * *************************************************/ -bool X509_Store::Cert_Info::is_verified() const +bool X509_Store::Cert_Info::is_verified(u32bit timeout) const { if(!checked) return false; if(result != VERIFIED && result != CERT_NOT_YET_VALID) return true; - const u32bit CACHE_TIME = - global_config().option_as_time("x509/cache_verify_results"); - const u64bit current_time = system_time(); - if(current_time > last_checked + CACHE_TIME) + if(current_time > last_checked + timeout) checked = false; return checked; |
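Review bot: The header comment above `Cert_Info::is_verified(u32bit timeout)` still reads only "Check if this certificate has been verified" and does not describe the new parameter or the caching rules that callers now control. It should state that `timeout` is added to `last_checked` and compared with `system_time()`, presumably in seconds, though the unit is not visible in this hunk. It should also say that only VERIFIED and CERT_NOT_YET_VALID results expire, because every other result returns `true` before the timeout is consulted. The security-relevant consequence is that a cached VERIFIED result is returned without re-checking until the timeout elapses, so a large configured value widens that window. Finally, this `const` method clears `checked` on expiry, which deserves a short why-comment such as `// expired: force the next caller to re-verify`. The function's closing brace lies outside the hunk.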