nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-21 05:26:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/maint-0.2.7'

Browse Source
This commit is contained in:
Nick Mathewson 2015-10-06 09:06:57 -04:00
commit bfd9dccdb8
4 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changes/bug17237_027 Normal file
View File

@ -0,0 +1,4 @@
o Minor features (compilation):
- Repair compilation with the most recent (unreleased, alpha)
vesions of OpenSSL 1.1. Fixes the 0.2.7-related part of
ticket 17237.

3
changes/bug17251 Normal file
View File

@ -0,0 +1,3 @@
o Minor bugfixes (compilation):
- Fix an integer overflow warning in test_crypto_slow.c.
Fixes bug 17251; bugfix on 0.2.7.2-alpha.

13
src/common/tortls.c
View File

@ -78,6 +78,11 @@
#include "container.h"
#include <string.h>
#define X509_get_notBefore_const(cert) \
((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
#define X509_get_notAfter_const(cert) \
((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
/* Enable the "v2" TLS handshake.
*/
#define V2_HANDSHAKE_SERVER
@ -2136,7 +2141,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
if (!(bio = BIO_new(BIO_s_mem()))) {
log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end;
}
if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) {
if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@ -2144,7 +2149,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
s1 = tor_strndup(buf->data, buf->length);
(void)BIO_reset(bio);
if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) {
if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@ -2306,12 +2311,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
now = time(NULL);
t = now + future_tolerance;
if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) {
log_cert_lifetime(severity, cert, "not yet valid");
return -1;
}
t = now - past_tolerance;
if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) {
log_cert_lifetime(severity, cert, "already expired");
return -1;
}

2
src/test/test_crypto_slow.c
View File

@ -217,7 +217,7 @@ test_libscrypt_eq_openssl(void *arg)
memset(buf2,0,64);
N = 1048576;
maxmem = 2 * 1024 * 1024 * 1024; // 2 GB
maxmem = 2 * 1024 * 1024 * (uint64_t)1024; // 2 GB
libscrypt_retval =
libscrypt_scrypt((const uint8_t *)"pleaseletmein",