diff options
| author | Thomas Karpiniec <tkarpiniec@icloud.com> | 2021-05-15 13:38:27 +1000 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2021-05-16 14:10:57 -0400 |
| commit | 53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9 (patch) | |
| tree | 94f9f0e3745dabb67ad61997f3bdb746c04e30f7 | |
| parent | 0dc0e4432a70eafde69509fde8a29802e46ae712 (diff) | |
| download | gmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.tar.gz gmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.tar.xz gmnisrv-53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9.zip | |
Create certificates which last 68 years (INT32_MAX seconds)
This avoids integer overflow on 32-bit architectures.
| -rw-r--r-- | src/tls.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -6,6 +6,7 @@ #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/x509v3.h> +#include <stdint.h> #include <stdio.h> #include <string.h> #include <unistd.h> @@ -44,7 +45,7 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host, X509_set_version(x509, 2); ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); X509_gmtime_adj(X509_get_notBefore(x509), 0); - X509_gmtime_adj(X509_get_notAfter(x509), LONG_MAX); + X509_gmtime_adj(X509_get_notAfter(x509), INT32_MAX); // 68 years X509_set_pubkey(x509, pkey); char *organization = "gmnisrv"; |
