CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds

This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Andy Polyakov <appro@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3138)

CT_POLICY_EVAL_CTX_set_time expects milliseconds, but given seconds
This resulted in the SCT timestamp check always failing, because the timestamp appeared to be in the future. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Andy Polyakov <appro@openssl.org> Reviewed-by: N Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3138)
6a71e06d · Rob Percival · Richard Levitte · 2094ea07 · 6a71e06d
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

ssl/ssl_lib.c ssl/ssl_lib.c +2 -1

未找到文件。
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4361,7 +4361,8 @@ int ssl_validate_ct(SSL *s)
    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
-    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);

    scts = SSL_get0_peer_scts(s);