The unified diff between revisions [13704fef..] and [b773b0a7..] is displayed below. It can also be downloaded as a raw diff.

#
#
# patch "include/config.h"
#  from [277482d0f2281d9f6fceecda377d5b64b2696de7]
#    to [415aa5ec7bc05947012bc81e7da21ebca7849356]
#
# patch "include/x509stor.h"
#  from [855228fef66cacc885703077bfb15f583bf75e7b]
#    to [dfbc4f59139cbee076e370b6370e71995f3c4479]
#
# patch "src/config.cpp"
#  from [5b03caccc6f428dee4805f937c74715d5144f83f]
#    to [371b5e52da741c35e70f61841faa85ff4d7c22b7]
#
# patch "src/x509_ca.cpp"
#  from [be4d6707e41b77daaa91d7cb8c421ca6e16c19a8]
#    to [5a17c13377859c9795b8938592fa9a49281f08db]
#
# patch "src/x509stor.cpp"
#  from [f000624095e5e03c5449d48234c44c2c380f339c]
#    to [18753c606cbad1e6b18ef3a9336acd0a88769ac6]
#
============================================================
--- include/config.h	277482d0f2281d9f6fceecda377d5b64b2696de7
+++ include/config.h	415aa5ec7bc05947012bc81e7da21ebca7849356
@@ -29,7 +29,6 @@ class BOTAN_DLL Config
                const std::string&, bool = true);

       std::string option(const std::string&) const;
-      u32bit option_as_time(const std::string&) const;

       void set_option(const std::string, const std::string&);

============================================================
--- include/x509stor.h	855228fef66cacc885703077bfb15f583bf75e7b
+++ include/x509stor.h	dfbc4f59139cbee076e370b6370e71995f3c4479
@@ -87,7 +87,7 @@ class BOTAN_DLL X509_Store
       class BOTAN_DLL Cert_Info
          {
          public:
-            bool is_verified() const;
+            bool is_verified(u32bit timeout) const;
             bool is_trusted() const;
             X509_Code verify_result() const;
             void set_result(X509_Code) const;
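Review bot: The new `timeout` parameter on `Cert_Info::is_verified` is undocumented in this header, and its name does not say what unit it is in or which cached results it governs. The definition in src/x509stor.cpp adds it to `last_checked` and compares the sum with `system_time()`, and only consults it when the cached result is `VERIFIED` or `CERT_NOT_YET_VALID`; any other cached result is reported as verified no matter how old it is. I would add a comment above the declaration such as `// timeout: maximum age (system_time() units, presumably seconds) of a cached VERIFIED or CERT_NOT_YET_VALID result; other results never expire`. The `Cert_Info` class continues outside the hunk.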
@@ -126,7 +126,7 @@ class BOTAN_DLL X509_Store
       std::vector<Cert_Info> certs;
       std::vector<CRL_Data> revoked;
       std::vector<Certificate_Store*> stores;
-      u32bit time_slack;
+      u32bit time_slack, validation_cache_timeout;
       mutable bool revoked_info_valid;
    };

============================================================
--- src/config.cpp	5b03caccc6f428dee4805f937c74715d5144f83f
+++ src/config.cpp	371b5e52da741c35e70f61841faa85ff4d7c22b7
@@ -5,11 +5,8 @@

 #include <botan/config.h>
 #include <botan/libstate.h>
-#include <botan/lookup.h>
-#include <botan/charset.h>
-#include <botan/parsing.h>
+#include <botan/mutex.h>
 #include <botan/stl_util.h>
-#include <botan/mutex.h>
 #include <string>

 namespace Botan {
@@ -121,12 +118,4 @@ std::string Config::option(const std::st
    return get("conf", key);
    }

-/*************************************************
-* Get the config setting as a time               *
-*************************************************/
-u32bit Config::option_as_time(const std::string& key) const
-   {
-   return timespec_to_u32bit(option(key));
-   }
-
 }
============================================================
--- src/x509_ca.cpp	be4d6707e41b77daaa91d7cb8c421ca6e16c19a8
+++ src/x509_ca.cpp	5a17c13377859c9795b8938592fa9a49281f08db
@@ -4,6 +4,7 @@
 *************************************************/

 #include <botan/x509_ca.h>
+#include <botan/libstate.h>
 #include <botan/x509stor.h>
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>
@@ -11,7 +12,7 @@
 #include <botan/lookup.h>
 #include <botan/look_pk.h>
 #include <botan/numthry.h>
-#include <botan/libstate.h>
+#include <botan/parsing.h>
 #include <botan/oids.h>
 #include <botan/util.h>
 #include <algorithm>
@@ -179,8 +180,10 @@ X509_CRL X509_CA::make_crl(const std::ve
    const u32bit X509_CRL_VERSION = 2;

    if(next_update == 0)
-      next_update = global_config().option_as_time("x509/crl/next_update");
+      next_update = timespec_to_u32bit(
+         global_config().option("x509/crl/next_update"));

+   // Totally stupid: ties encoding logic to the return of std::time!!
    const u64bit current_time = system_time();

    Extensions extensions;
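Review bot: The added comment `// Totally stupid: ties encoding logic to the return of std::time!!` records frustration but not what should change, so the next maintainer cannot act on it. I would phrase it as a task, for example `// TODO: take the issue time as a parameter so CRL encoding does not depend on system_time()`. That also makes the reason explicit: with the clock read inside `make_crl`, the thisUpdate value cannot be fixed for reproducible output or tests. The body of `make_crl` continues outside the hunk.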
============================================================
--- src/x509stor.cpp	f000624095e5e03c5449d48234c44c2c380f339c
+++ src/x509stor.cpp	18753c606cbad1e6b18ef3a9336acd0a88769ac6
@@ -171,7 +171,12 @@ X509_Store::X509_Store()
 X509_Store::X509_Store()
    {
    revoked_info_valid = true;
-   time_slack = global_config().option_as_time("x509/validity_slack");
+
+   time_slack = timespec_to_u32bit(
+      global_config().option("x509/validity_slack"));
+
+   validation_cache_timeout = timespec_to_u32bit(
+      global_config().option("x509/cache_verify_results"));
    }

 /*************************************************
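Review bot: Reading `x509/cache_verify_results` once in the constructor changes when the setting takes effect. Before this commit `is_verified()` looked the option up on every call, so a later `set_option` that shortened the cache time applied to existing stores; now each store keeps the value it saw at construction. If that is intended, say so here, e.g. `// snapshot of x509/cache_verify_results; later config changes do not affect this store`. Separately, the `stores` member holds raw `Certificate_Store*`, which suggests a hand-written copy constructor outside this diff; if one exists it must copy `validation_cache_timeout` too, or copied stores would compare against an uninitialized timeout.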
@@ -305,7 +310,7 @@ X509_Code X509_Store::construct_cert_cha
          return CERT_ISSUER_NOT_FOUND;
       indexes.push_back(parent);

-      if(certs[parent].is_verified())
+      if(certs[parent].is_verified(validation_cache_timeout))
          if(certs[parent].verify_result() != VERIFIED)
             return certs[parent].verify_result();

@@ -334,7 +339,7 @@ X509_Code X509_Store::construct_cert_cha

       const u32bit cert = indexes.back();

-      if(certs[cert].is_verified())
+      if(certs[cert].is_verified(validation_cache_timeout))
          {
          if(certs[cert].verify_result() != VERIFIED)
             throw Internal_Error("X509_Store::construct_cert_chain");
@@ -359,7 +364,7 @@ X509_Code X509_Store::check_sig(const Ce
 X509_Code X509_Store::check_sig(const Cert_Info& cert_info,
                                 const Cert_Info& ca_cert_info) const
    {
-   if(cert_info.is_verified())
+   if(cert_info.is_verified(validation_cache_timeout))
       return cert_info.verify_result();

    const X509_Certificate& cert    = cert_info.cert;
@@ -431,7 +436,8 @@ void X509_Store::recompute_revoked_info(

    for(u32bit j = 0; j != certs.size(); ++j)
       {
-      if((certs[j].is_verified()) && (certs[j].verify_result() != VERIFIED))
+      if((certs[j].is_verified(validation_cache_timeout)) &&
+         (certs[j].verify_result() != VERIFIED))
          continue;

       if(is_revoked(certs[j].cert))
@@ -673,19 +679,16 @@ bool X509_Store::Cert_Info::is_trusted()
 /*************************************************
 * Check if this certificate has been verified    *
 *************************************************/
-bool X509_Store::Cert_Info::is_verified() const
+bool X509_Store::Cert_Info::is_verified(u32bit timeout) const
    {
    if(!checked)
       return false;
    if(result != VERIFIED && result != CERT_NOT_YET_VALID)
       return true;

-   const u32bit CACHE_TIME =
-      global_config().option_as_time("x509/cache_verify_results");
-
    const u64bit current_time = system_time();

-   if(current_time > last_checked + CACHE_TIME)
+   if(current_time > last_checked + timeout)
       checked = false;

    return checked;
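Review bot: Now that the caller supplies the timeout, the `checked = false` assignment in this `const` method makes one call's outcome depend on the arguments of earlier calls. A single call with a small `timeout` clears the cached state for every later caller, even one passing a larger value. Every call site in this diff passes `validation_cache_timeout`, so behaviour is consistent today, but a comment such as `// expiry is sticky: once an entry is seen as stale it stays unchecked until re-verified` would document the contract. The declaration of `last_checked` is not visible here; if it is narrower than `u64bit`, `last_checked + timeout` could wrap, so widening one operand explicitly would be safer. The function's closing brace lies outside the hunk.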