Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a3a0cce8ee8c142cd148090854ca8551a36d9bd7
commita3a0cce8ee8c142cd148090854ca8551a36d9bd7[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Wed Jun 09 17:16:18 2021 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Wed Jun 09 17:49:00 2021 +0200
treea3ee1552e032d7e55503545cfde7c27b75131fd4
parent722180aca8757d8807b21cf125a2d68249be5bf8 [diff]
BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future

The wey the "Next Update" field of the OCSP response is converted into a
timestamp relies on the use of signed integers for the year and month so
if the calculated timestamp happens to overflow INT_MAX, it ends up
being seen as negative and the OCSP response being dwignored in
ssl_sock_ocsp_stapling_cbk (because of the "ocsp->expire < now.tv_sec"
test).

It could be backported to all stable branches.
1 file changed
tree: a3ee1552e032d7e55503545cfde7c27b75131fd4
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION