Codebase list rpki-client / 26aab4b
New upstream version 6.8p1 Marco d'Itri 3 years ago
10 changed file(s) with 299 addition(s) and 33 deletion(s).
0 6.8p0
0 6.8p1
5555 if !HAVE_SETRESUID
5656 libcompat_la_SOURCES += bsd-setresuid.c
5757 endif
58
59 if !HAVE_ASN1_TIME_PARSE
60 libcompat_la_SOURCES += a_time_tm.c
61 else
62 if !HAVE_ASN1_TIME_TM_CMP
63 libcompat_la_SOURCES += a_time_tm.c
64 endif
65 endif
110110 @HAVE_STRTONUM_FALSE@am__append_6 = strtonum.c
111111 @HAVE_SETRESGID_FALSE@am__append_7 = bsd-setresgid.c
112112 @HAVE_SETRESUID_FALSE@am__append_8 = bsd-setresuid.c
113 @HAVE_ASN1_TIME_PARSE_FALSE@am__append_9 = a_time_tm.c
114 @HAVE_ASN1_TIME_PARSE_TRUE@@HAVE_ASN1_TIME_TM_CMP_FALSE@am__append_10 = a_time_tm.c
113115 subdir = compat
114116 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
115117 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
125127 LTLIBRARIES = $(noinst_LTLIBRARIES)
126128 libcompat_la_DEPENDENCIES =
127129 am__libcompat_la_SOURCES_DIST = reallocarray.c recallocarray.c \
128 strlcat.c strlcpy.c strtonum.c bsd-setresgid.c bsd-setresuid.c
130 strlcat.c strlcpy.c strtonum.c bsd-setresgid.c bsd-setresuid.c \
131 a_time_tm.c
129132 @HAVE_REALLOCARRAY_FALSE@am__objects_1 = reallocarray.lo
130133 @HAVE_RECALLOCARRAY_FALSE@am__objects_2 = recallocarray.lo
131134 @HAVE_STRLCAT_FALSE@am__objects_3 = strlcat.lo
133136 @HAVE_STRTONUM_FALSE@am__objects_5 = strtonum.lo
134137 @HAVE_SETRESGID_FALSE@am__objects_6 = bsd-setresgid.lo
135138 @HAVE_SETRESUID_FALSE@am__objects_7 = bsd-setresuid.lo
139 @HAVE_ASN1_TIME_PARSE_FALSE@am__objects_8 = a_time_tm.lo
140 @HAVE_ASN1_TIME_PARSE_TRUE@@HAVE_ASN1_TIME_TM_CMP_FALSE@am__objects_9 = a_time_tm.lo
136141 am_libcompat_la_OBJECTS = $(am__objects_1) $(am__objects_2) \
137142 $(am__objects_3) $(am__objects_4) $(am__objects_5) \
138 $(am__objects_6) $(am__objects_7)
143 $(am__objects_6) $(am__objects_7) $(am__objects_8) \
144 $(am__objects_9)
139145 libcompat_la_OBJECTS = $(am_libcompat_la_OBJECTS)
140146 AM_V_lt = $(am__v_lt_@AM_V@)
141147 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
143149 am__v_lt_1 =
144150 libcompatnoopt_la_LIBADD =
145151 am__libcompatnoopt_la_SOURCES_DIST = explicit_bzero.c
146 @HAVE_EXPLICIT_BZERO_FALSE@am__objects_8 = libcompatnoopt_la-explicit_bzero.lo
147 am_libcompatnoopt_la_OBJECTS = $(am__objects_8)
152 @HAVE_EXPLICIT_BZERO_FALSE@am__objects_10 = libcompatnoopt_la-explicit_bzero.lo
153 am_libcompatnoopt_la_OBJECTS = $(am__objects_10)
148154 libcompatnoopt_la_OBJECTS = $(am_libcompatnoopt_la_OBJECTS)
149155 libcompatnoopt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
150156 $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
165171 DEFAULT_INCLUDES = -I.@am__isrc@
166172 depcomp = $(SHELL) $(top_srcdir)/depcomp
167173 am__maybe_remake_depfiles = depfiles
168 am__depfiles_remade = ./$(DEPDIR)/bsd-setresgid.Plo \
169 ./$(DEPDIR)/bsd-setresuid.Plo \
174 am__depfiles_remade = ./$(DEPDIR)/a_time_tm.Plo \
175 ./$(DEPDIR)/bsd-setresgid.Plo ./$(DEPDIR)/bsd-setresuid.Plo \
170176 ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo \
171177 ./$(DEPDIR)/reallocarray.Plo ./$(DEPDIR)/recallocarray.Plo \
172178 ./$(DEPDIR)/strlcat.Plo ./$(DEPDIR)/strlcpy.Plo \
353359 # other compatibility functions
354360 libcompat_la_SOURCES = $(am__append_2) $(am__append_3) $(am__append_4) \
355361 $(am__append_5) $(am__append_6) $(am__append_7) \
356 $(am__append_8)
362 $(am__append_8) $(am__append_9) $(am__append_10)
357363 libcompat_la_LIBADD = $(PLATFORM_LDADD)
358364 all: all-am
359365
412418 distclean-compile:
413419 -rm -f *.tab.c
414420
421 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/a_time_tm.Plo@am__quote@ # am--include-marker
415422 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsd-setresgid.Plo@am__quote@ # am--include-marker
416423 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bsd-setresuid.Plo@am__quote@ # am--include-marker
417424 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo@am__quote@ # am--include-marker
589596 mostlyclean-am
590597
591598 distclean: distclean-am
592 -rm -f ./$(DEPDIR)/bsd-setresgid.Plo
599 -rm -f ./$(DEPDIR)/a_time_tm.Plo
600 -rm -f ./$(DEPDIR)/bsd-setresgid.Plo
593601 -rm -f ./$(DEPDIR)/bsd-setresuid.Plo
594602 -rm -f ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo
595603 -rm -f ./$(DEPDIR)/reallocarray.Plo
642650 installcheck-am:
643651
644652 maintainer-clean: maintainer-clean-am
645 -rm -f ./$(DEPDIR)/bsd-setresgid.Plo
653 -rm -f ./$(DEPDIR)/a_time_tm.Plo
654 -rm -f ./$(DEPDIR)/bsd-setresgid.Plo
646655 -rm -f ./$(DEPDIR)/bsd-setresuid.Plo
647656 -rm -f ./$(DEPDIR)/libcompatnoopt_la-explicit_bzero.Plo
648657 -rm -f ./$(DEPDIR)/reallocarray.Plo
0 /* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */
1 /*
2 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16 #include <ctype.h>
17 #include <limits.h>
18 #include <stdio.h>
19 #include <string.h>
20 #include <time.h>
21
22 #include <openssl/asn1t.h>
23 #include <openssl/err.h>
24
25 #define RFC5280 0
26 #define GENTIME_LENGTH 15
27 #define UTCTIME_LENGTH 13
28
29 #ifndef HAVE_ASN1_TIME_TM_CMP
30 int
31 ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2)
32 {
33 if (tm1->tm_year < tm2->tm_year)
34 return (-1);
35 if (tm1->tm_year > tm2->tm_year)
36 return (1);
37 if (tm1->tm_mon < tm2->tm_mon)
38 return (-1);
39 if (tm1->tm_mon > tm2->tm_mon)
40 return (1);
41 if (tm1->tm_mday < tm2->tm_mday)
42 return (-1);
43 if (tm1->tm_mday > tm2->tm_mday)
44 return (1);
45 if (tm1->tm_hour < tm2->tm_hour)
46 return (-1);
47 if (tm1->tm_hour > tm2->tm_hour)
48 return (1);
49 if (tm1->tm_min < tm2->tm_min)
50 return (-1);
51 if (tm1->tm_min > tm2->tm_min)
52 return (1);
53 if (tm1->tm_sec < tm2->tm_sec)
54 return (-1);
55 if (tm1->tm_sec > tm2->tm_sec)
56 return (1);
57 return 0;
58 }
59 #endif
60
61 #ifndef HAVE_ASN1_TIME_PARSE
62 /*
63 * Parse an RFC 5280 format ASN.1 time string.
64 *
65 * mode must be:
66 * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object.
67 * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time.
68 * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time.
69 *
70 * Returns:
71 * -1 if the string was invalid.
72 * V_ASN1_UTCTIME if the string validated as a UTC time string.
73 * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string.
74 *
75 * Fills in *tm with the corresponding time if tm is non NULL.
76 */
77 #define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0'))
78 int
79 ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
80 {
81 size_t i;
82 int type = 0;
83 struct tm ltm;
84 struct tm *lt;
85 const char *p;
86
87 if (bytes == NULL)
88 return (-1);
89
90 /* Constrain to valid lengths. */
91 if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH)
92 return (-1);
93
94 lt = tm;
95 if (lt == NULL) {
96 memset(&ltm, 0, sizeof(ltm));
97 lt = &ltm;
98 }
99
100 /* Timezone is required and must be GMT (Zulu). */
101 if (bytes[len - 1] != 'Z')
102 return (-1);
103
104 /* Make sure everything else is digits. */
105 for (i = 0; i < len - 1; i++) {
106 if (isdigit((unsigned char)bytes[i]))
107 continue;
108 return (-1);
109 }
110
111 /*
112 * Validate and convert the time
113 */
114 p = bytes;
115 switch (len) {
116 case GENTIME_LENGTH:
117 if (mode == V_ASN1_UTCTIME)
118 return (-1);
119 lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */
120 type = V_ASN1_GENERALIZEDTIME;
121 /* FALLTHROUGH */
122 case UTCTIME_LENGTH:
123 if (type == 0) {
124 if (mode == V_ASN1_GENERALIZEDTIME)
125 return (-1);
126 type = V_ASN1_UTCTIME;
127 }
128 lt->tm_year += ATOI2(p); /* yy */
129 if (type == V_ASN1_UTCTIME) {
130 if (lt->tm_year < 50)
131 lt->tm_year += 100;
132 }
133 lt->tm_mon = ATOI2(p) - 1; /* mm */
134 if (lt->tm_mon < 0 || lt->tm_mon > 11)
135 return (-1);
136 lt->tm_mday = ATOI2(p); /* dd */
137 if (lt->tm_mday < 1 || lt->tm_mday > 31)
138 return (-1);
139 lt->tm_hour = ATOI2(p); /* HH */
140 if (lt->tm_hour < 0 || lt->tm_hour > 23)
141 return (-1);
142 lt->tm_min = ATOI2(p); /* MM */
143 if (lt->tm_min < 0 || lt->tm_min > 59)
144 return (-1);
145 lt->tm_sec = ATOI2(p); /* SS */
146 /* Leap second 60 is not accepted. Reconsider later? */
147 if (lt->tm_sec < 0 || lt->tm_sec > 59)
148 return (-1);
149 break;
150 default:
151 return (-1);
152 }
153
154 return (type);
155 }
156 #endif
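Review bot: ASN1_time_parse() zeroes only its private `ltm` when `tm` is NULL, so a caller-supplied `tm` reaches `lt->tm_year += ATOI2(p)` in the UTCTIME case with whatever value it already held, and the fields the parser never writes stay indeterminate. The GENERALIZEDTIME case assigns `tm_year` before adding, which is why the mft.c caller on this page (mode `V_ASN1_GENERALIZEDTIME`, uninitialised stack `struct tm`) still ends up with a correct year. I would clear the destination unconditionally, `if (lt == NULL) lt = &ltm;` followed by `memset(lt, 0, sizeof(*lt));`, or at least state in the header comment that the caller must zero `*tm`. The day check also accepts 1–31 for every month, so impossible dates validate; if that is intended it deserves a sentence in the comment.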
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.69 for rpki-client 6.8p0.
2 # Generated by GNU Autoconf 2.69 for rpki-client 6.8p1.
33 #
44 #
55 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
586586 # Identity of this package.
587587 PACKAGE_NAME='rpki-client'
588588 PACKAGE_TARNAME='rpki-client'
589 PACKAGE_VERSION='6.8p0'
590 PACKAGE_STRING='rpki-client 6.8p0'
589 PACKAGE_VERSION='6.8p1'
590 PACKAGE_STRING='rpki-client 6.8p1'
591591 PACKAGE_BUGREPORT=''
592592 PACKAGE_URL=''
593593
636636 RPKI_TAL_DIR
637637 RSYNC
638638 RPKI_USER
639 HAVE_ASN1_TIME_TM_CMP_FALSE
640 HAVE_ASN1_TIME_TM_CMP_TRUE
641 HAVE_ASN1_TIME_PARSE_FALSE
642 HAVE_ASN1_TIME_PARSE_TRUE
639643 OPENSSL_LDFLAGS
640644 OPENSSL_CFLAGS
641645 HAVE_UNVEIL_FALSE
13661370 # Omit some internal or obsolete options to make the list less imposing.
13671371 # This message is too long to be a string in the A/UX 3.1 sh.
13681372 cat <<_ACEOF
1369 \`configure' configures rpki-client 6.8p0 to adapt to many kinds of systems.
1373 \`configure' configures rpki-client 6.8p1 to adapt to many kinds of systems.
13701374
13711375 Usage: $0 [OPTION]... [VAR=VALUE]...
13721376
14371441
14381442 if test -n "$ac_init_help"; then
14391443 case $ac_init_help in
1440 short | recursive ) echo "Configuration of rpki-client 6.8p0:";;
1444 short | recursive ) echo "Configuration of rpki-client 6.8p1:";;
14411445 esac
14421446 cat <<\_ACEOF
14431447
15541558 test -n "$ac_init_help" && exit $ac_status
15551559 if $ac_init_version; then
15561560 cat <<\_ACEOF
1557 rpki-client configure 6.8p0
1561 rpki-client configure 6.8p1
15581562 generated by GNU Autoconf 2.69
15591563
15601564 Copyright (C) 2012 Free Software Foundation, Inc.
19191923 This file contains any messages produced by compilers while
19201924 running configure, to aid debugging if configure makes a mistake.
19211925
1922 It was created by rpki-client $as_me 6.8p0, which was
1926 It was created by rpki-client $as_me 6.8p1, which was
19231927 generated by GNU Autoconf 2.69. Invocation command line was
19241928
19251929 $ $0 $@
28542858
28552859 # Define the identity of the package.
28562860 PACKAGE='rpki-client'
2857 VERSION='6.8p0'
2861 VERSION='6.8p1'
28582862
28592863
28602864 cat >>confdefs.h <<_ACEOF
1302913033 fi
1303013034
1303113035
13036 for ac_func in ASN1_time_parse ASN1_time_tm_cmp
13037 do :
13038 as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
13039 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
13040 if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
13041 cat >>confdefs.h <<_ACEOF
13042 #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
13043 _ACEOF
13044
13045 fi
13046 done
13047
13048 if test "x$ac_cv_func_ASN1_time_parse" = xyes; then
13049 HAVE_ASN1_TIME_PARSE_TRUE=
13050 HAVE_ASN1_TIME_PARSE_FALSE='#'
13051 else
13052 HAVE_ASN1_TIME_PARSE_TRUE='#'
13053 HAVE_ASN1_TIME_PARSE_FALSE=
13054 fi
13055
13056 if test "x$ac_cv_func_ASN1_time_tm_cmp" = xyes; then
13057 HAVE_ASN1_TIME_TM_CMP_TRUE=
13058 HAVE_ASN1_TIME_TM_CMP_FALSE='#'
13059 else
13060 HAVE_ASN1_TIME_TM_CMP_TRUE='#'
13061 HAVE_ASN1_TIME_TM_CMP_FALSE=
13062 fi
13063
13064
1303213065
1303313066 # Check whether --with-user was given.
1303413067 if test "${with_user+set}" = set; then :
1337813411 as_fn_error $? "conditional \"HAVE_UNVEIL\" was never defined.
1337913412 Usually this means the macro was only invoked conditionally." "$LINENO" 5
1338013413 fi
13414 if test -z "${HAVE_ASN1_TIME_PARSE_TRUE}" && test -z "${HAVE_ASN1_TIME_PARSE_FALSE}"; then
13415 as_fn_error $? "conditional \"HAVE_ASN1_TIME_PARSE\" was never defined.
13416 Usually this means the macro was only invoked conditionally." "$LINENO" 5
13417 fi
13418 if test -z "${HAVE_ASN1_TIME_TM_CMP_TRUE}" && test -z "${HAVE_ASN1_TIME_TM_CMP_FALSE}"; then
13419 as_fn_error $? "conditional \"HAVE_ASN1_TIME_TM_CMP\" was never defined.
13420 Usually this means the macro was only invoked conditionally." "$LINENO" 5
13421 fi
1338113422
1338213423 : "${CONFIG_STATUS=./config.status}"
1338313424 ac_write_fail=0
1377513816 # report actual input values of CONFIG_FILES etc. instead of their
1377613817 # values after options handling.
1377713818 ac_log="
13778 This file was extended by rpki-client $as_me 6.8p0, which was
13819 This file was extended by rpki-client $as_me 6.8p1, which was
1377913820 generated by GNU Autoconf 2.69. Invocation command line was
1378013821
1378113822 CONFIG_FILES = $CONFIG_FILES
1383213873 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
1383313874 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
1383413875 ac_cs_version="\\
13835 rpki-client config.status 6.8p0
13876 rpki-client config.status 6.8p1
1383613877 configured by $0, generated by GNU Autoconf 2.69,
1383713878 with options \\"\$ac_cs_config\\"
1383813879
158158 AC_CHECK_LIB([crypto], [ASN1_STRING_get0_data], [], [AC_MSG_ERROR([OpenSSL libraries required])])
159159 AC_CHECK_LIB([crypto], [X509_up_ref], [], [AC_MSG_ERROR([OpenSSL libraries required])])
160160
161 AC_CHECK_FUNCS([ASN1_time_parse ASN1_time_tm_cmp])
162 AM_CONDITIONAL([HAVE_ASN1_TIME_PARSE], [test "x$ac_cv_func_ASN1_time_parse" = xyes])
163 AM_CONDITIONAL([HAVE_ASN1_TIME_TM_CMP], [test "x$ac_cv_func_ASN1_time_tm_cmp" = xyes])
164
161165 AC_ARG_WITH([user],
162166 AS_HELP_STRING([--with-user=user],
163167 [User for rpki-client to use when run as root]),
22 noinst_HEADERS += sys/queue.h
33 noinst_HEADERS += sys/tree.h
44 noinst_HEADERS += sys/types.h
5 noinst_HEADERS += openssl/asn1.h
56 noinst_HEADERS += poll.h
67 noinst_HEADERS += sha2.h
78 noinst_HEADERS += sha2_openbsd.h
265265 top_build_prefix = @top_build_prefix@
266266 top_builddir = @top_builddir@
267267 top_srcdir = @top_srcdir@
268 noinst_HEADERS = sys/_null.h sys/queue.h sys/tree.h sys/types.h poll.h \
269 sha2.h sha2_openbsd.h stdlib.h string.h unistd.h
268 noinst_HEADERS = sys/_null.h sys/queue.h sys/tree.h sys/types.h \
269 openssl/asn1.h poll.h sha2.h sha2_openbsd.h stdlib.h string.h \
270 unistd.h
270271 all: all-am
271272
272273 .SUFFIXES:
0 /*
1 * Public domain
2 * openssl/asn1.h compatibility shim
3 */
4
5 #include_next <openssl/asn1.h>
6
7 #ifndef LIBCOMPAT_OPENSSL_ASN1_H
8 #define LIBCOMPAT_OPENSSL_ASN1_H
9
10 #ifndef HAVE_ASN1_TIME_PARSE
11 int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode);
12 #endif
13
14 #ifndef HAVE_ASN1_TIME_TM_CMP
15 int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2);
16 #endif
17
18 #endif
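Review bot: The shim's prototypes name `struct tm` and `size_t`, but the header itself includes nothing that defines them; it relies on the wrapped `<openssl/asn1.h>` having pulled in `<time.h>`. If `struct tm` were first seen inside the parameter list it would have prototype scope only, and the declaration would not match the definition in a_time_tm.c. Adding `#include <time.h>` after the `#include_next` line makes the header self-contained. Both prototypes are gated on `HAVE_ASN1_TIME_PARSE` and `HAVE_ASN1_TIME_TM_CMP`, so a comment saying the configure-generated defines must be visible before this header is included would also help.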
0 /* $OpenBSD: mft.c,v 1.16 2020/09/12 15:46:48 claudio Exp $ */
0 /* $OpenBSD: mft.c,v 1.16.4.1 2020/11/09 16:58:04 tb Exp $ */
11 /*
22 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
33 *
5353 }
5454
5555 /*
56 * Convert an ASN1_GENERALIZEDTIME to a struct tm.
57 * Returns 1 on success, 0 on failure.
58 */
59 static int
60 generalizedtime_to_tm(const ASN1_GENERALIZEDTIME *gtime, struct tm *tm)
61 {
62 const char *data;
63 size_t len;
64
65 data = ASN1_STRING_get0_data(gtime);
66 len = ASN1_STRING_length(gtime);
67
68 return ASN1_time_parse(data, len, tm, V_ASN1_GENERALIZEDTIME) ==
69 V_ASN1_GENERALIZEDTIME;
70 }
71
72 /*
5673 * Validate and verify the time validity of the mft.
5774 * Returns 1 if all is good, 0 if mft is stale, any other case -1.
58 * XXX should use ASN1_time_tm_cmp() once libressl is used.
59 */
60 static time_t
75 */
76 static int
6177 check_validity(const ASN1_GENERALIZEDTIME *from,
6278 const ASN1_GENERALIZEDTIME *until, const char *fn)
6379 {
6480 time_t now = time(NULL);
65
66 if (!ASN1_GENERALIZEDTIME_check(from) ||
67 !ASN1_GENERALIZEDTIME_check(until)) {
68 warnx("%s: embedded time format invalid", fn);
81 struct tm tm_from, tm_until, tm_now;
82
83 if (gmtime_r(&now, &tm_now) == NULL) {
84 warnx("%s: could not get current time", fn);
6985 return -1;
7086 }
87
88 if (!generalizedtime_to_tm(from, &tm_from)) {
89 warnx("%s: embedded from time format invalid", fn);
90 return -1;
91 }
92 if (!generalizedtime_to_tm(until, &tm_until)) {
93 warnx("%s: embedded until time format invalid", fn);
94 return -1;
95 }
96
7197 /* check that until is not before from */
72 if (ASN1_STRING_cmp(until, from) < 0) {
98 if (ASN1_time_tm_cmp(&tm_until, &tm_from) < 0) {
7399 warnx("%s: bad update interval", fn);
74100 return -1;
75101 }
76102 /* check that now is not before from */
77 if (X509_cmp_time(from, &now) > 0) {
103 if (ASN1_time_tm_cmp(&tm_from, &tm_now) > 0) {
78104 warnx("%s: mft not yet valid %s", fn, gentime2str(from));
79105 return -1;
80106 }
81107 /* check that now is not after until */
82 if (X509_cmp_time(until, &now) < 0) {
108 if (ASN1_time_tm_cmp(&tm_until, &tm_now) < 0) {
83109 warnx("%s: mft expired on %s", fn, gentime2str(until));
84110 return 0;
85111 }
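Review bot: The comment on generalizedtime_to_tm() should say that `*tm` is only meaningful on success, because ASN1_time_parse() as added in this commit stores each field before range-checking it, so a rejected string leaves `tm` partly written. Both call sites in check_validity() return -1 straight away, so nothing reads the partial value today; I would add `* On failure the contents of *tm are unspecified.` to the helper's comment. In the same helper `data` is declared `const char *` while ASN1_STRING_get0_data() returns `const unsigned char *`, so `data = (const char *)ASN1_STRING_get0_data(gtime);` avoids the implicit pointer-sign conversion. check_validity() continues past the end of this hunk.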