GitList

Browse code

CRL: use time_t instead of struct timespec to store last mtime

As of now, we store the last mtime for the CRL file in a timespec
object. However we store seconds only and we ignore the subsecond
field (this came into being because not all platforms have nanoseconds
precision in timespec).

Given the above, we can safely replace the timespec object with a
simple time_t.

Reported-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20170316082117.21020-1-a@unstable.cc>
URL: http://www.mail-archive.com/search?l=mid&q=20170316082117.21020-1-a@unstable.cc
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f3705dd1e711ee9f8546b841e4b18e9e9a224975)

Antonio Quartulli authored on 2017/03/16 17:21:17
Showing 3 changed files

src/openvpn/ssl.c index 2d596ac..1033e58 100644
src/openvpn/ssl_mbedtls.h index 1bc53ce..d8f717c 100644
src/openvpn/ssl_openssl.h index c64c65f..6ca4cb6 100644

src/openvpn/ssl.c

History View file @ 6331385

@@ -571,12 +571,12 @@ tls_ctx_reload_crl(struct tls_root_ctx *ssl_ctx, const char *crl_file,
      * Note: Windows does not support tv_nsec.
      */
     if ((ssl_ctx->crl_last_size == crl_stat.st_size)
-        && (ssl_ctx->crl_last_mtime.tv_sec == crl_stat.st_mtime))
+        && (ssl_ctx->crl_last_mtime == crl_stat.st_mtime))
     {
         return;
     }
 
-    ssl_ctx->crl_last_mtime.tv_sec = crl_stat.st_mtime;
+    ssl_ctx->crl_last_mtime = crl_stat.st_mtime;
     ssl_ctx->crl_last_size = crl_stat.st_size;
     backend_tls_ctx_reload_crl(ssl_ctx, crl_file, crl_file_inline);
 }

src/openvpn/ssl_mbedtls.h

History View file @ 6331385

@@ -74,7 +74,7 @@ struct tls_root_ctx {
                          mbedtls_x509_crt *ca_chain;         /**< CA chain for remote verification */
                          mbedtls_pk_context *priv_key;       /**< Local private key */
                          mbedtls_x509_crl *crl;              /**< Certificate Revocation List */
                     -    struct timespec crl_last_mtime;     /**< CRL last modification time */
                     +    time_t crl_last_mtime;              /**< CRL last modification time */
                          off_t crl_last_size;                /**< size of last loaded CRL */
                      #if defined(ENABLE_PKCS11)
                          mbedtls_pkcs11_context *priv_key_pkcs11;    /**< PKCS11 private key */

src/openvpn/ssl_openssl.h

History View file @ 6331385

@@ -49,7 +49,7 @@
                       */
                      struct tls_root_ctx {
                          SSL_CTX *ctx;
                     -    struct timespec crl_last_mtime;
                     +    time_t crl_last_mtime;
                          off_t crl_last_size;
                      };

...	...	@@ -571,12 +571,12 @@ tls_ctx_reload_crl(struct tls_root_ctx ssl_ctx, const char crl_file,
571	571	* Note: Windows does not support tv_nsec.
572	572	*/
573	573	if ((ssl_ctx->crl_last_size == crl_stat.st_size)
574		- && (ssl_ctx->crl_last_mtime.tv_sec == crl_stat.st_mtime))
	574	+ && (ssl_ctx->crl_last_mtime == crl_stat.st_mtime))
575	575	{
576	576	return;
577	577	}
578	578
579		- ssl_ctx->crl_last_mtime.tv_sec = crl_stat.st_mtime;
	579	+ ssl_ctx->crl_last_mtime = crl_stat.st_mtime;
580	580	ssl_ctx->crl_last_size = crl_stat.st_size;
581	581	backend_tls_ctx_reload_crl(ssl_ctx, crl_file, crl_file_inline);
582	582	}