On Tue, Sep 09, 2014 at 12:16:58AM +0100, Phil Pennock wrote:
> --- Comment #1 from Phil Pennock <pdp@???> 2014-09-09 00:16:57 ---
> The file src/tlscert-openssl.c has this:
>
> 105 static uschar *
> 106 bio_string_time_to_int(BIO * bp, int len)
> 107 {
> 108 uschar * cp = US"";
> 109 struct tm t;
> 110 len = len > 0 ? (int) BIO_get_mem_data(bp, &cp) : 0;
> 111 /*XXX %Z might be glibc-specific? */
> 112 (void) strptime(CS cp, "%b%t%e%t%T%t%Y%t%Z", &t);
> 113 BIO_free(bp);
> 114 /*XXX timegm might not be portable? */
> 115 return string_sprintf("%u", (unsigned) timegm(&t));
> 116 }
>
> Hey Jeremy: you're right, it's not. :)
It is also unsafe to assume that time_t fits without truncation
into an int, or that the time is unsigned. It should be cast to
intmax_t, and use "%jd" as the format.
It is also not strictly safe to assume that time_t can represent
all ASN1_TIME values, since Linux unlike BSD has 32-bit time_t in
32-bit compilation environments. However struct tm can easily
represent distant dates. OpenSSL has internal functions to convert
between "tm" and (julian day, seconds) which is safe from overflow,
and can be converted to intmax_t reasonably safely on platforms that
have some kind of 64-bit type.
How important is it for Exim to export certificate validity times
as an integral type of seconds since the epoch?
--
Viktor.
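As an added illustration of the points in the reply above (this is example code, not Exim's tlscert-openssl.c and not OpenSSL's internal julian-day routines): the conversion from a broken-down UTC time to seconds since the epoch is done in 64-bit arithmetic, the result is carried as intmax_t and printed with "%jd", and a helper shows which values the original "(unsigned) timegm(&t)" pattern would have truncated on a platform with 32-bit time_t. The days_from_civil routine is a standard proleptic-Gregorian day-count algorithm assumed here as a portable stand-in for timegm(); the sample dates are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Days from 1970-01-01 to the civil date y-m-d (proleptic Gregorian).
 * All arithmetic is 64-bit, so dates far outside the 32-bit time_t
 * window (before 1901 or after 2038) do not overflow.
 * Hypothetical helper for this example, not part of Exim or OpenSSL. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);
    const int64_t era = (y >= 0 ? y : y - 399) / 400;
    const int64_t yoe = y - era * 400;                                   /* [0, 399] */
    const int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1; /* [0, 365] */
    const int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;           /* [0, 146096] */
    return era * 146097 + doe - 719468;
}

/* Portable replacement for timegm(): seconds since the Unix epoch for a
 * broken-down UTC time. The result is intmax_t, never int or time_t, so
 * it is neither truncated nor forced unsigned (pre-1970 dates are negative). */
intmax_t tm_to_epoch_seconds(const struct tm *t)
{
    int64_t days = days_from_civil((int64_t)t->tm_year + 1900, t->tm_mon + 1, t->tm_mday);
    return (intmax_t)days * 86400 + t->tm_hour * 3600 + t->tm_min * 60 + t->tm_sec;
}

/* Format the value with "%jd", the intmax_t conversion, into a caller buffer.
 * Returns the number of characters written, or -1 if the buffer is too small. */
int format_epoch_seconds(const struct tm *t, char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen, "%jd", tm_to_epoch_seconds(t));
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

/* Returns 1 if narrowing the 64-bit result to a 32-bit signed time_t would
 * change it, i.e. the value the original cast-to-int pattern would corrupt. */
int truncates_to_int32(const struct tm *t)
{
    intmax_t secs = tm_to_epoch_seconds(t);
    return secs != (intmax_t)(int32_t)secs;
}

/* Build a struct tm for a constructed UTC date (fields as in a parsed ASN1_TIME). */
static struct tm make_tm(int year, int mon, int day, int h, int m, int s)
{
    struct tm t;
    memset(&t, 0, sizeof t);
    t.tm_year = year - 1900;
    t.tm_mon = mon - 1;
    t.tm_mday = day;
    t.tm_hour = h;
    t.tm_min = m;
    t.tm_sec = s;
    return t;
}

int main(void)
{
    /* Constructed sample: a certificate notAfter of 2100-01-01 00:00:00 UTC,
     * which is well beyond the 2038 limit of a 32-bit time_t. */
    struct tm not_after = make_tm(2100, 1, 1, 0, 0, 0);
    char buf[32];
    if (format_epoch_seconds(&not_after, buf, sizeof buf) < 0)
        return 1;
    printf("notAfter as seconds since epoch: %s (fits int32: %s)\n",
           buf, truncates_to_int32(&not_after) ? "no" : "yes");
    return 0;
}
```

The point of keeping the arithmetic in int64_t and only narrowing at the very end (to intmax_t, which is at least 64 bits on any platform with a 64-bit type) is that a certificate expiring after 2038 produces the right number on a 32-bit Linux build, where a direct timegm() would overflow.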