From 9eca2ced64b19f2d222937edc4ea78e7a1d31b32 Mon Sep 17 00:00:00 2001 From: rhe Date: Wed, 1 Jun 2016 12:41:15 +0000 Subject: openssl: fix the Year 2038 problem r55219 didn't fix the entire issue. It only fixed the issue on environment with sizeof(time_t) == 8 && sizeof(long) == 4. * ext/openssl/extconf.rb: Check existence of ASN1_TIME_adj(). The old ASN1_TIME_set() is not Year 2038 ready on sizeof(time_t) == 4 environment. This function was added in OpenSSL 1.0.0. [ruby-core:45552] [Bug #6571] * ext/openssl/ossl_asn1.c (ossl_time_split): Added. Split the argument (Time) into the number of days elapsed since the epoch and the remainder seconds to conform to ASN1_TIME_adj(). (obj_to_asn1utime, obj_to_asn1gtime): Use ossl_time_split() and ASN1_*TIME_adj(). * ext/openssl/ossl_asn1.h: Add the function prototype for ossl_time_split(). * ext/openssl/ossl_x509.[ch]: Add ossl_x509_time_adjust(). Similarly to obj_to_asn1*time(), use X509_time_adj_ex() instead of X509_time_adj(). * ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c, ext/openssl/ossl_x509revoked.c: Use ossl_x509_time_adjust(). git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55249 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ext/openssl/ossl_x509cert.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'ext/openssl/ossl_x509cert.c') diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c index 34b8aae7cd..13e738f30f 100644 --- a/ext/openssl/ossl_x509cert.c +++ b/ext/openssl/ossl_x509cert.c @@ -476,13 +476,10 @@ static VALUE ossl_x509_set_not_before(VALUE self, VALUE time) { X509 *x509; - time_t sec; - sec = time_to_time_t(time); GetX509(self, x509); - if (!X509_time_adj(X509_get_notBefore(x509), 0, &sec)) { + if (!ossl_x509_time_adjust(X509_get_notBefore(x509), time)) ossl_raise(eX509CertError, NULL); - } return time; } @@ -513,13 +510,10 @@ static VALUE ossl_x509_set_not_after(VALUE self, VALUE time) { X509 *x509; - time_t sec; - sec = time_to_time_t(time); GetX509(self, x509); - if (!X509_time_adj(X509_get_notAfter(x509), 0, &sec)) { + if (!ossl_x509_time_adjust(X509_get_notAfter(x509), time)) ossl_raise(eX509CertError, NULL); - } return time; } -- cgit v1.2.3