提交 e25233d9 编写于 作者: R Rob Percival 提交者: Rich Salz

Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
上级 1871a5aa
......@@ -13,18 +13,25 @@
#include <openssl/ct.h>
#include <openssl/err.h>
#include <time.h>
#include "ct_locl.h"
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
time_t epoch_time_in_s;
if (ctx == NULL) {
CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
// Use the current time if available.
time(&epoch_time_in_s);
if (epoch_time_in_s != -1)
ctx->epoch_time_in_ms = epoch_time_in_s * 1000;
return ctx;
}
......
......@@ -68,8 +68,8 @@ CT_POLICY_EVAL_CTX.
The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
timestamp is in the future". Typically, the time provided to this function will
be the current time.
timestamp is in the future". By default, this will be set to the
current time (obtained by calling time()) if possible.
The time should be in milliseconds since the Unix epoch.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册