Skip to content

UTIL_cmp_timeframe(): improve workaround for deprecations in OpenSSL 4.0#71

Merged
DDvO merged 1 commit intomasterfrom
improve_UTIL_cmp_timeframe_v4.0
Feb 24, 2026
Merged

UTIL_cmp_timeframe(): improve workaround for deprecations in OpenSSL 4.0#71
DDvO merged 1 commit intomasterfrom
improve_UTIL_cmp_timeframe_v4.0

Conversation

@DDvO
Copy link
Member

@DDvO DDvO commented Feb 20, 2026
edited
Loading

This is a follow-up on #70.

Finally, the related OpenSSL issue has been discussed further, just before the v 4.0 code freeze deadline.
The outcome was not exactly what I suggested, but at least here is an improved workaround for the deprecation of X509_cmp_timeframe() and X509_cmp_time().

@DDvO DDvO requested a review from Copilot February 20, 2026 11:42
Copilot AI reviewed Feb 20, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the workaround for OpenSSL 4.0 API deprecations by implementing a cleaner solution for time comparison. Instead of the previous workaround that created dummy X509 certificates, the new implementation directly converts ASN1_TIME to POSIX time using OpenSSL 4.0's new OPENSSL_tm_to_posix() function. The changes consolidate the code by removing the intermediate OpenSSL 3.0-4.0 branch and updating documentation to clarify behavior with invalid times.

Changes:

  • Implemented new helper functions ASN1_TIME_to_posix() and X509_cmp_time_new() for OpenSSL 4.0+
  • Removed the old workaround using dummy X509 certificates for OpenSSL 4.0
  • Updated documentation to clarify that null or invalid times are not checked

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/libsecutils/src/credentials/cert.c Implements new time comparison functions for OpenSSL 4.0+ and updates UTIL_cmp_timeframe to use unified logic
src/libsecutils/include/secutils/credentials/cert.h Updates documentation comment to clarify behavior with invalid times

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DDvO DDvO force-pushed the improve_UTIL_cmp_timeframe_v4.0 branch from c5d1694 to a8524fa Compare February 23, 2026 10:03
@DDvO DDvO requested a review from Copilot February 23, 2026 10:03
Copilot AI reviewed Feb 23, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@DDvO DDvO force-pushed the improve_UTIL_cmp_timeframe_v4.0 branch from a8524fa to 92c199f Compare February 23, 2026 10:14
@DDvO DDvO merged commit d84170a into master Feb 24, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@benjamin-schilling benjamin-schilling benjamin-schilling approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DDvO @benjamin-schilling