0001-Use-patched-bearssl-method-to-retrieve-validity-peri.patch
1 From 7701b90a015c4e4c2b6af6e8b53315dce1f6c780 Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Sun, 29 Mar 2020 13:07:39 -0700
4 Subject: [PATCH] Use patched bearssl method to retrieve validity period
5
6 ---
7 tls_conninfo.c | 22 ++++++++++++++++++----
8 1 file changed, 18 insertions(+), 4 deletions(-)
9
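diff --git a/tls_conninfo.c b/tls_conninfo.c
index ccce70d..1e9b57e 100644
--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -162,10 +162,24 @@ static int
 tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
 time_t *notafter)
 {
-/* XXX: BearSSL has no way to get certificate notBefore and
-* notAfter */
-*notbefore = -1;
-*notafter = -1;
+br_x509_decoder_context xc;
+uint32_t notbefore_days, notbefore_seconds;
+uint32_t notafter_days, notafter_seconds;
+int err;
+
+br_x509_decoder_init(&xc, NULL, NULL);
+br_x509_decoder_push(&xc, ctx->peer_chain[0].data, ctx->peer_chain[0].data_len);
+
+if ((err = br_x509_decoder_last_error(&xc)) != 0) {
+tls_set_errorx(ctx, "%s", bearssl_strerror(err));
+return (-1);
+}
+
+br_x509_decoder_get_notbefore(&xc, ¬before_days, ¬before_seconds);
+br_x509_decoder_get_notafter(&xc, ¬after_days, ¬after_seconds);
+
+*notbefore = 86400LL * (notbefore_days - 719528) + notbefore_seconds;
+*notafter = 86400LL * (notafter_days - 719528) + notafter_seconds;
 
 return (0);
 }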
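Review bot: The `br_x509_decoder_push` call indexes `ctx->peer_chain[0]` with no check that a peer chain exists, so a connection that presented no peer certificate would dereference a NULL or empty chain here unless every caller already guarantees one; the caller is outside the hunk, so that cannot be confirmed from this patch. A guard before the push, along the lines of `if (ctx->peer_chain == NULL) { tls_set_errorx(ctx, "no peer certificate"); return (-1); }` (using whatever length field the chain carries if NULL is not the empty signal), keeps this a normal libtls error instead of a crash. The two `*notbefore` / `*notafter` assignments also perform the `- 719528` in `uint32_t`, so a notBefore earlier than 1970-01-01 wraps to a large positive day count rather than a negative `time_t`; widening first avoids that: `*notbefore = 86400LL * ((long long)notbefore_days - 719528) + notbefore_seconds;` and likewise for `*notafter`. The `¬before_days` / `¬after_days` in the two getter calls appear to be the page rendering `&not…` as an HTML entity rather than a defect in the patch text itself.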
43 --
44 2.31.1
45