authorDavid Benjamin <davidben@google.com>2016-10-05 20:45:17 +0000
committerandroid-build-merger <android-build-merger@google.com>2016-10-05 20:45:17 +0000
commit74ea02aa6618f6b317a5d7056ede68a48980e524 (patch)
tree7a5d901ceae854480658ef2cf630e24a39433608
parent5277834396f52a760bb237044d5539fc4aaa87bb (diff)
parentcfb7a5c7aa52b74338df1ef2cf3425f0e43ef1d5 (diff)
Don't reach into BoringSSL structs. am: 5a3de7f113
am: cfb7a5c7aa Change-Id: Ibd161dd4080b7d317cf3baeb34f14c404ae7351e
-rw-r--r--src/tlsdate-helper.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/tlsdate-helper.c b/src/tlsdate-helper.c
index d923efd..319497f 100644
--- a/src/tlsdate-helper.c
+++ b/src/tlsdate-helper.c
@@ -358,7 +358,8 @@ void
openssl_time_callback (const SSL* ssl, int where, int ret)
{
if (where == SSL_CB_CONNECT_LOOP &&
- (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B))
+ (SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_A ||
+ SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_B))
{
// XXX TODO: If we want to trust the remote system for time,
// can we just read that time out of the remote system and if the
@@ -371,7 +372,7 @@ openssl_time_callback (const SSL* ssl, int where, int ret)
uint32_t max_reasonable_time = MAX_REASONABLE_TIME;
uint32_t server_time;
verb("V: freezing time for x509 verification");
- memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t));
+ SSL_get_server_random(ssl, (unsigned char*)&server_time, sizeof(uint32_t));
if (compiled_time < ntohl(server_time)
&&
ntohl(server_time) < max_reasonable_time)
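Review bot: The return value of `SSL_get_server_random` is discarded and `server_time` has no initializer, so the range check below would read indeterminate stack bytes if the accessor ever copied fewer than four bytes. As far as I know the function returns the number of bytes written, and this value arrives in the ServerHello before the peer is authenticated yet goes on to choose the time used for X.509 validity checks, so a strict check is cheap insurance. I would write `uint32_t server_time = 0;` and `if (SSL_get_server_random(ssl, (unsigned char*)&server_time, sizeof server_time) != sizeof server_time) die("V: short server random");` (message text is only a suggestion). The same unchecked call appears in the run_ssl hunk with `result_time`, where the comment above it still describes `ssl->s3->server_random` and should be reworded to say the first four bytes of the server random are copied out. The enclosing block of openssl_time_callback starts and ends outside this hunk.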
@@ -379,7 +380,7 @@ openssl_time_callback (const SSL* ssl, int where, int ret)
verb("V: remote peer provided: %d, preferred over compile time: %d",
ntohl(server_time), compiled_time);
verb("V: freezing time with X509_VERIFY_PARAM_set_time");
- X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param,
+ X509_VERIFY_PARAM_set_time(SSL_get0_param((SSL*)ssl),
(time_t) ntohl(server_time) + 86400);
} else {
die("V: the remote server is a false ticker! server: %d compile: %d",
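Review bot: The `(SSL*)ssl` cast in the `X509_VERIFY_PARAM_set_time` call silently drops the `const` that the info-callback signature puts on its argument, and the line gives no reason for it. The replacement also moves the frozen time from the context-wide store parameters (`ssl->ctx->cert_store->param`) to the parameters of this one connection, which looks intended but is a change of scope that a later reader cannot see from the code. I would record both in a comment above the call, for example `/* SSL_get0_param needs a non-const SSL*; the verify time is set on this connection only, not on the shared cert store */`. The surrounding if/else of openssl_time_callback begins before this hunk and ends after it.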
@@ -1189,7 +1190,7 @@ run_ssl (uint32_t *time_map, int time_is_an_illusion, int http)
// from /usr/include/openssl/ssl3.h
// ssl->s3->server_random is an unsigned char of 32 bits
- memcpy(&result_time, ssl->s3->server_random, sizeof (uint32_t));
+ SSL_get_server_random(ssl, (unsigned char*)&result_time, sizeof(uint32_t));
verb("V: In TLS response, T=%lu", (unsigned long)ntohl(result_time));
if (http) {