diff options
| author | David Benjamin <davidben@chromium.org> | 2021-03-05 15:00:24 -0500 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-03-05 21:35:08 +0000 |
| commit | 4c03793ebf20af9cae9c096320e3efe73f0733f3 (patch) | |
| tree | b526553b1cd0988f3fbc8955416f9748e6f64b1c /cast | |
| parent | 17cbee80d86c0354fc86f2a6b9592f272b43e38f (diff) | |
| download | openscreen-4c03793ebf20af9cae9c096320e3efe73f0733f3.tar.gz | |
Fix a few more X509 struct accesses
I missed these earlier.
Change-Id: I53873874f850193839003c8cb812a0bf68074453
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/2740099
Reviewed-by: Brandon Tolsch <btolsch@chromium.org>
Commit-Queue: Brandon Tolsch <btolsch@chromium.org>
Diffstat (limited to 'cast')
| -rw-r--r-- | cast/common/certificate/cast_crl.cc | 11 | ||||
| -rw-r--r-- | cast/test/make_crl_tests.cc | 6 |
2 files changed, 9 insertions, 8 deletions
diff --git a/cast/common/certificate/cast_crl.cc b/cast/common/certificate/cast_crl.cc index c7635a4f..aa269df5 100644 --- a/cast/common/certificate/cast_crl.cc +++ b/cast/common/certificate/cast_crl.cc @@ -107,14 +107,15 @@ bool VerifyCRL(const Crl& crl, // (excluding trust anchor). No intermediates are provided above, so this // just amounts to |signer_cert| vs. |not_after_seconds|. *overall_not_after = not_after; - ASN1_GENERALIZEDTIME* not_after_asn1 = ASN1_TIME_to_generalizedtime( - result_path.target_cert->cert_info->validity->notAfter, nullptr); + bssl::UniquePtr<ASN1_GENERALIZEDTIME> not_after_asn1{ + ASN1_TIME_to_generalizedtime( + X509_get0_notAfter(result_path.target_cert.get()), nullptr)}; if (!not_after_asn1) { return false; } DateTime cert_not_after; - bool time_valid = ParseAsn1GeneralizedTime(not_after_asn1, &cert_not_after); - ASN1_GENERALIZEDTIME_free(not_after_asn1); + bool time_valid = + ParseAsn1GeneralizedTime(not_after_asn1.get(), &cert_not_after); if (!time_valid) { return false; } @@ -199,7 +200,7 @@ bool CastCRL::CheckRevocation(const std::vector<X509*>& trusted_chain, // Only Google generated device certificates will be revoked by range. // These will always be less than 64 bits in length. ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(subordinate->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(subordinate)); if (!maybe_serial) { continue; } diff --git a/cast/test/make_crl_tests.cc b/cast/test/make_crl_tests.cc index 9017395c..d6b83ec3 100644 --- a/cast/test/make_crl_tests.cc +++ b/cast/test/make_crl_tests.cc @@ -54,7 +54,7 @@ TbsCrl MakeTbsCrl(uint64_t not_before, // NOTE: Include default serial number range at device-level, which should not // include any of our certs. ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(device_cert->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(device_cert)); OSP_DCHECK(maybe_serial); uint64_t serial = maybe_serial.value(); OSP_DCHECK_LE(serial, UINT64_MAX - 200); @@ -178,7 +178,7 @@ int CastMain() { TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(), device_cert.get(), inter_cert.get()); ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(inter_cert->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(inter_cert.get())); OSP_DCHECK(maybe_serial); uint64_t serial = maybe_serial.value(); OSP_DCHECK_GE(serial, 10); @@ -193,7 +193,7 @@ int CastMain() { TbsCrl tbs_crl = MakeTbsCrl(not_before.count(), not_after.count(), device_cert.get(), inter_cert.get()); ErrorOr<uint64_t> maybe_serial = - ParseDerUint64(device_cert->cert_info->serialNumber); + ParseDerUint64(X509_get0_serialNumber(device_cert.get())); OSP_DCHECK(maybe_serial); uint64_t serial = maybe_serial.value(); OSP_DCHECK_GE(serial, 10); |