Diffstat (limited to 'src')
-rw-r--r-- | src/lib/asn1/asn1_obj.h | 5 | ||||
-rw-r--r-- | src/lib/asn1/asn1_time.cpp | 20 | ||||
-rw-r--r-- | src/lib/cert/x509/x509_crl.cpp | 4 | ||||
-rw-r--r-- | src/lib/cert/x509/x509opt.cpp | 4 | ||||
-rw-r--r-- | src/lib/cert/x509/x509path.cpp | 4 |
5 files changed, 28 insertions, 9 deletions
diff --git a/src/lib/asn1/asn1_obj.h b/src/lib/asn1/asn1_obj.h
index 46707e23a..f68ef675e 100644
--- a/src/lib/asn1/asn1_obj.h
+++ b/src/lib/asn1/asn1_obj.h
@@ -47,8 +47,9 @@ enum ASN1_Tag { VISIBLE_STRING = 0x1A, BMP_STRING = 0x1E,
- UTC_TIME = 0x17,
- GENERALIZED_TIME = 0x18,
+ UTC_TIME = 0x17,
+ GENERALIZED_TIME = 0x18,
+ UTC_OR_GENERALIZED_TIME = 0x19,
 NO_OBJECT = 0xFF00, DIRECTORY_STRING = 0xFF01
diff --git a/src/lib/asn1/asn1_time.cpp b/src/lib/asn1/asn1_time.cpp
index 381a21b2d..b61879b53 100644
--- a/src/lib/asn1/asn1_time.cpp
+++ b/src/lib/asn1/asn1_time.cpp
@@ -141,7 +141,25 @@ s32bit X509_Time::cmp(const X509_Time& other) const void X509_Time::set_to(const std::string& t_spec, ASN1_Tag spec_tag) {
- if(spec_tag == GENERALIZED_TIME)
+ if(spec_tag == UTC_OR_GENERALIZED_TIME)
+ {
+ try
+ {
+ set_to(t_spec, GENERALIZED_TIME);
+ return;
+ }
+ catch(Invalid_Argument) {} // Not a generalized time. Continue
+
+ try
+ {
+ set_to(t_spec, UTC_TIME);
+ return;
+ }
+ catch(Invalid_Argument) {} // Not a UTC time. Continue
+
+ throw Invalid_Argument("Time string could not be parsed as GeneralizedTime or UTCTime.");
+ }
+ else if(spec_tag == GENERALIZED_TIME)
 { if(t_spec.size() != 13 && t_spec.size() != 15) throw Invalid_Argument("Invalid GeneralizedTime string: '" + t_spec + "'");
diff --git a/src/lib/cert/x509/x509_crl.cpp b/src/lib/cert/x509/x509_crl.cpp
index 5dce682c2..8b6d1522b 100644
--- a/src/lib/cert/x509/x509_crl.cpp
+++ b/src/lib/cert/x509/x509_crl.cpp
@@ -177,7 +177,7 @@ u32bit X509_CRL::crl_number() const */ X509_Time X509_CRL::this_update() const {
- return X509_Time(info.get1("X509.CRL.start"), ASN1_Tag::UTC_TIME);
+ return X509_Time(info.get1("X509.CRL.start"), ASN1_Tag::UTC_OR_GENERALIZED_TIME);
 } /*
@@ -185,7 +185,7 @@ X509_Time X509_CRL::this_update() const */ X509_Time X509_CRL::next_update() const {
- return X509_Time(info.get1("X509.CRL.end"), ASN1_Tag::UTC_TIME);
+ return X509_Time(info.get1("X509.CRL.end"), ASN1_Tag::UTC_OR_GENERALIZED_TIME);
 } }
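Review bot: The new pseudo-tag `UTC_OR_GENERALIZED_TIME = 0x19` in `enum ASN1_Tag` uses a value that is itself a real ASN.1 universal tag number (25, GraphicString), sitting between GeneralizedTime 0x18 and VisibleString 0x1A. The enum already keeps its non-wire markers in a separate range (`NO_OBJECT = 0xFF00`, `DIRECTORY_STRING = 0xFF01`), so a parser-selection value would be safer there, for example `UTC_OR_GENERALIZED_TIME = 0xFF02,` if that value is unused in the part of the enum outside the hunk. As written, if this value ever reaches an encoder or a tag comparison it cannot be told apart from a GraphicString tag. A comment such as `// pseudo-tag: selects the time parser, never encoded` would make the intent explicit.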
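Review bot: In the new `UTC_OR_GENERALIZED_TIME` branch of `X509_Time::set_to`, a 13-character string is offered to the GeneralizedTime parser before UTCTime is tried, and the GeneralizedTime branch accepts sizes 13 and 15 while 13 is also the length of a full UTCTime (`YYMMDDHHMMSSZ`). The parsing itself is outside the hunk, but if the 13-character form is read as `YYYYMMDDHHMMZ`, some UTCTime strings would parse without error to a different instant. The changed callers in x509_crl.cpp, x509opt.cpp and x509path.cpp (including the validity-window checks in `check_chain`) would then compare against the wrong time. Selecting by length instead of by trial removes the ambiguity for the RFC 5280 forms, e.g. `set_to(t_spec, t_spec.size() == 15 ? GENERALIZED_TIME : UTC_TIME); return;`, or the tag seen at decode time could be kept alongside the string. If the try/catch stays, catch by reference: `catch(const Invalid_Argument&) {}`.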
diff --git a/src/lib/cert/x509/x509opt.cpp b/src/lib/cert/x509/x509opt.cpp
index ef83124e6..52845658f 100644
--- a/src/lib/cert/x509/x509opt.cpp
+++ b/src/lib/cert/x509/x509opt.cpp
@@ -17,7 +17,7 @@ namespace Botan { */ void X509_Cert_Options::not_before(const std::string& time_string) {
- start = X509_Time(time_string, ASN1_Tag::UTC_TIME);
+ start = X509_Time(time_string, ASN1_Tag::UTC_OR_GENERALIZED_TIME);
 } /*
@@ -25,7 +25,7 @@ void X509_Cert_Options::not_before(const std::string& time_string) */ void X509_Cert_Options::not_after(const std::string& time_string) {
- end = X509_Time(time_string, ASN1_Tag::UTC_TIME);
+ end = X509_Time(time_string, ASN1_Tag::UTC_OR_GENERALIZED_TIME);
 } /*
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index b6c0df126..09cabcb65 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -107,10 +107,10 @@ check_chain(const std::vector<X509_Certificate>& cert_path, } // Check all certs for valid time range
- if(current_time < X509_Time(subject.start_time(), ASN1_Tag::UTC_TIME))
+ if(current_time < X509_Time(subject.start_time(), ASN1_Tag::UTC_OR_GENERALIZED_TIME))
 status.insert(Certificate_Status_Code::CERT_NOT_YET_VALID);
- if(current_time > X509_Time(subject.end_time(), ASN1_Tag::UTC_TIME))
+ if(current_time > X509_Time(subject.end_time(), ASN1_Tag::UTC_OR_GENERALIZED_TIME))
 status.insert(Certificate_Status_Code::CERT_HAS_EXPIRED); // Check issuer constraints |