[ruby/openssl] asn1: use ASN1_TIME_to_tm() to decode UTCTime and GeneralizedTime

The current logic relies on sscanf() and error checks are almost
entirely missing. It also assumes that ASN1_STRING contents are NUL
terminated, which is undocumented and not guaranteed for all valid
ASN1_TIME objects.

Switch to using ASN1_TIME_to_tm() added in OpenSSL 1.1.1. It is also
supported by LibreSSL and AWS-LC.

In the long term, we may want to replace ASN1_TIME_to_tm() with a
hand-rolled decoder, since the function is intended for a specific
use-case. It is too permissive for strict DER, yet still does not
support all valid DER inputs and silently drops information such as
fractional seconds. However, it handles everything that the current
sscanf() code could handle.

https://github.com/ruby/openssl/commit/73484f6794

0 files changed, 0 insertions, 0 deletions