BUG/MEDIUM: ssl: fix OCSP expiry calculation The hour part of the timezone offset was multiplied by 60 instead of 3600, resulting in an inaccurate expiry. This bug was introduced in 1.6-dev1 by commit 4f3c87a ("BUG/MEDIUM: ssl: Fix to not serve expired OCSP responses."), so this fix must be backported into 1.7 and 1.6.

commit: 953917abc9fb72c49fa49cb41bc2cdbecd7c9e93 [log] [tgz]
author: Frederik Deweerdt <fdeweerdt@fastly.com> Mon Oct 16 07:37:31 2017 -0700
committer: Willy Tarreau <w@1wt.eu> Mon Oct 16 18:14:36 2017 +0200
tree: 317bd5f39d48e604425b758371565dae39a97129
parent: 64cc49cf7e0db452e1467b2ac4cbf71c674dbc5a [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 989d7e1..774a5a6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -546,12 +546,12 @@
 	else if (p[0] == '+') {
 		if (end - p != 5) return -1;
 		/* Apply timezone offset */
-		return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+		return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
 	}
 	else if (p[0] == '-') {
 		if (end - p != 5) return -1;
 		/* Apply timezone offset */
-		return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+		return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
 	}
 
 	return -1;
commit	953917abc9fb72c49fa49cb41bc2cdbecd7c9e93	[log] [tgz]
author	Frederik Deweerdt <fdeweerdt@fastly.com>	Mon Oct 16 07:37:31 2017 -0700
committer	Willy Tarreau <w@1wt.eu>	Mon Oct 16 18:14:36 2017 +0200
tree	317bd5f39d48e604425b758371565dae39a97129
parent	64cc49cf7e0db452e1467b2ac4cbf71c674dbc5a [diff]