yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-21 21:31:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reject certificates with times not in UTC

Browse source
This commit is contained in:
Paul Bakker 2014-07-08 14:40:58 +02:00
parent f48de9579f
commit 243d61894c
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ChangeLog
View file

@ -11,6 +11,7 @@ Changes
that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
* Improvements to tests/Makefile, contributed by Oden Eriksson.
* Use UTC time to check certificate validity.
* Reject certificates with times not in UTC, per RFC 5280.
Security
* Forbid change of server certificate during renegotiation to prevent

4
library/x509parse.c
View file

@ -370,7 +370,7 @@ static int x509_get_time( unsigned char **p,
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
len : sizeof( date ) - 1 );
if( sscanf( date, "%2d%2d%2d%2d%2d%2d",
if( sscanf( date, "%2d%2d%2d%2d%2d%2dZ",
&time->year, &time->mon, &time->day,
&time->hour, &time->min, &time->sec ) < 5 )
return( POLARSSL_ERR_X509_CERT_INVALID_DATE );
@ -394,7 +394,7 @@ static int x509_get_time( unsigned char **p,
memcpy( date, *p, ( len < sizeof( date ) - 1 ) ?
len : sizeof( date ) - 1 );
if( sscanf( date, "%4d%2d%2d%2d%2d%2d",
if( sscanf( date, "%4d%2d%2d%2d%2d%2dZ",
&time->year, &time->mon, &time->day,
&time->hour, &time->min, &time->sec ) < 5 )
return( POLARSSL_ERR_X509_CERT_INVALID_DATE );