Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 1adb439f84b3bb3a004736ef1fa88c899cd64f3e
commit1adb439f84b3bb3a004736ef1fa88c899cd64f3e[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Wed Jun 09 17:16:18 2021 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Thu Jun 10 14:51:29 2021 +0200
treead7672209dc840c1bd57f238730b85e39009a9c6
parentca5cf0a196ef2e7d1a16ecaeda5f983551604a30 [diff]
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future

The wey the "Next Update" field of the OCSP response is converted into a
timestamp relies on the use of signed integers for the year and month so
if the calculated timestamp happens to overflow INT_MAX, it ends up
being seen as negative and the OCSP response being dwignored in
ssl_sock_ocsp_stapling_cbk (because of the "ocsp->expire < now.tv_sec"
test).

It could be backported to all stable branches.

(cherry picked from commit a3a0cce8ee8c142cd148090854ca8551a36d9bd7)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: ad7672209dc840c1bd57f238730b85e39009a9c6
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION