Add workaround to bearssl regression with BR_FEATURE_X509_TIME_CALLBACK

Signed-off-by: Laurent Bercot <ska@appnovation.com>
author: Laurent Bercot <ska-skaware@skarnet.org> 2022-10-07 15:29:40 +0000
committer: Laurent Bercot <ska@appnovation.com> 2022-10-07 15:29:40 +0000
commit: e8d3f9d42c34f268a181661ca4aaedfa066c0a0a (patch)
tree: dd6eaaf3499e851f3b96bd9a1b391e14acaabe78 /src/sbearssl/sbearssl_x509_time_check.c
parent: d41fef5b74478b36787f387ed3f58099ac19c905 (diff)
download: s6-networking-e8d3f9d42c34f268a181661ca4aaedfa066c0a0a.tar.xz
1 files changed, 16 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_x509_time_check.c b/src/sbearssl/sbearssl_x509_time_check.c
new file mode 100644
index 0000000..83e8072
--- /dev/null
+++ b/src/sbearssl/sbearssl_x509_time_check.c
@@ -0,0 +1,16 @@
+/* ISC license. */
+
+#include <stdint.h>
+#include <bearssl.h>
+
+#include <skalibs/tai.h>
+
+#include <s6-networking/sbearssl.h>
+
+int sbearssl_x509_time_check (void *ctx, uint32_t nbd, uint32_t nbs, uint32_t nad, uint32_t nas)
+{
+  uint32_t days, seconds ;
+  if (!sbearssl_dayseconds_from_tai(&days, &seconds, (tai *)ctx)) return -2 ;
+  if (days < nbd || (days == nbd && seconds < nbs)) return -1 ;
+  return days > nad || (days == nad && seconds > nas) ;
+}
author	Laurent Bercot <ska-skaware@skarnet.org>	2022-10-07 15:29:40 +0000
committer	Laurent Bercot <ska@appnovation.com>	2022-10-07 15:29:40 +0000
commit	e8d3f9d42c34f268a181661ca4aaedfa066c0a0a (patch)
tree	dd6eaaf3499e851f3b96bd9a1b391e14acaabe78 /src/sbearssl/sbearssl_x509_time_check.c
parent	d41fef5b74478b36787f387ed3f58099ac19c905 (diff)
download	s6-networking-e8d3f9d42c34f268a181661ca4aaedfa066c0a0a.tar.xz