Diffstat (limited to 'src/libstrongswan/asn1/asn1.c')
-rw-r--r-- | src/libstrongswan/asn1/asn1.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 6ce818f0d..149784057 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -426,9 +426,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 /**
 * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
 */
-chunk_t asn1_from_time(const time_t *time)
+chunk_t asn1_from_time(const time_t *time, asn1_t type)
 {
- asn1_t type;
 int offset;
 const char *format;
 char buf[BUF_LEN];
@@ -437,8 +436,10 @@ chunk_t asn1_from_time(const time_t *time)
 gmtime_r(time, &t);
 /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME
- * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME */
- type = (t.tm_year < 150) ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME;
+ * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME. We only
+ * enforce the latter to avoid overflows but allow callers to force the
+ * encoding to GENERALIZEDTIME */
+ type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;
 if (type == ASN1_GENERALIZEDTIME)
 {
 format = "%04d%02d%02d%02d%02d%02dZ";
|
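Review bot: The doc comment above `asn1_from_time` in the first hunk is unchanged and does not describe the new `type` parameter, so the contract is only discoverable from the body. I would extend it to something like `/** Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format; type is the requested encoding, dates in 2050 or later are always GENERALIZEDTIME */`. It is also worth stating there that RFC 5280 conformance for dates through 2049 is now the caller's responsibility, i.e. X.509 validity fields should pass `ASN1_UTCTIME`, since the function no longer enforces that half of the rule. The function body continues outside this hunk.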
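Review bot: The caller-supplied `type` is used unchecked in the second hunk: `type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;` keeps whatever `asn1_t` value was passed for dates before 2050. Any value other than `ASN1_GENERALIZEDTIME` then takes the branch after `if (type == ASN1_GENERALIZEDTIME)`, which lies outside the hunk and presumably produces the two-digit-year form. If `type` is later used as the tag of the encoded object (not visible here), a wrong argument would yield a time string under an unrelated tag, so I would normalise it first with `if (type != ASN1_GENERALIZEDTIME) type = ASN1_UTCTIME;`. Separately, the result of `gmtime_r(time, &t)` on the context line is not checked, so `t.tm_year` would be read uninitialised if the conversion fails for an out-of-range `time_t`.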