summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Karpiniec <tkarpiniec@icloud.com>2021-05-15 13:38:27 +1000
committerDrew DeVault <sir@cmpwn.com>2021-05-16 14:10:57 -0400
commit53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9 (patch)
tree94f9f0e3745dabb67ad61997f3bdb746c04e30f7
parent0dc0e4432a70eafde69509fde8a29802e46ae712 (diff)
downloadgmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.tar.gz
gmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.tar.xz
gmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.zip
Create certificates which last 68 years (INT32_MAX seconds)
This avoids integer overflow on 32-bit architectures.
-rw-r--r--src/tls.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/tls.c b/src/tls.c
index a98dfe0..0e092d3 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -6,6 +6,7 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
+#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
@@ -44,7 +45,7 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
X509_set_version(x509, 2);
ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
X509_gmtime_adj(X509_get_notBefore(x509), 0);
- X509_gmtime_adj(X509_get_notAfter(x509), LONG_MAX);
+ X509_gmtime_adj(X509_get_notAfter(x509), INT32_MAX); // 68 years
X509_set_pubkey(x509, pkey);
char *organization = "gmnisrv";