===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ca.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -c -r1.56 -r1.57
*** src/usr.bin/openssl/ca.c	2023/07/02 07:08:57	1.56
--- src/usr.bin/openssl/ca.c	2023/11/13 12:43:08	1.57
***************
*** 1,4 ****
! /* $OpenBSD: ca.c,v 1.56 2023/07/02 07:08:57 tb Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
--- 1,4 ----
! /* $OpenBSD: ca.c,v 1.57 2023/11/13 12:43:08 tb Exp $ */
  /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
   * All rights reserved.
   *
***************
*** 607,632 ****
  	{ NULL },
  };
  
- /*
-  * Set a certificate time based on user provided input. Make sure
-  * what we put in the certificate is legit for RFC 5280. Returns
-  * 0 on success, -1 on an invalid time string. Strings must be
-  * YYYYMMDDHHMMSSZ for post 2050 dates. YYYYMMDDHHMMSSZ or
-  * YYMMDDHHMMSSZ is accepted for pre 2050 dates, and fixed up to
-  * be the correct format in the certificate.
-  */
- static int
- setCertificateTime(ASN1_TIME *x509time, char *timestring)
- {
- 	struct tm tm1;
- 
- 	if (ASN1_time_parse(timestring, strlen(timestring), &tm1, 0) == -1)
- 		return (-1);
- 	if (!ASN1_TIME_set_tm(x509time, &tm1))
- 		return (-1);
- 	return 0;
- }
- 
  static void
  ca_usage(void)
  {
--- 607,612 ----
***************
*** 1985,1991 ****
  	if (strcmp(startdate, "today") == 0) {
  		if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL)
  			goto err;
! 	} else if (setCertificateTime(X509_get_notBefore(ret), startdate) == -1) {
  		BIO_printf(bio_err, "Invalid start date %s\n", startdate);
  		goto err;
  	}
--- 1965,1971 ----
  	if (strcmp(startdate, "today") == 0) {
  		if (X509_gmtime_adj(X509_get_notBefore(ret), 0) == NULL)
  			goto err;
! 	} else if (!ASN1_TIME_set_string_X509(X509_get_notBefore(ret), startdate)) {
  		BIO_printf(bio_err, "Invalid start date %s\n", startdate);
  		goto err;
  	}
***************
*** 1994,2000 ****
  		if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0,
  		    NULL) == NULL)
  			goto err;
! 	} else if (setCertificateTime(X509_get_notAfter(ret), enddate) == -1) {
  		BIO_printf(bio_err, "Invalid end date %s\n", enddate);
  		goto err;
  	}
--- 1974,1980 ----
  		if (X509_time_adj_ex(X509_get_notAfter(ret), days, 0,
  		    NULL) == NULL)
  			goto err;
! 	} else if (!ASN1_TIME_set_string_X509(X509_get_notAfter(ret), enddate)) {
  		BIO_printf(bio_err, "Invalid end date %s\n", enddate);
  		goto err;
  	}