X509: Enable printing cert even with invalid validity times, saying 'Bad time value'

Add internal asn1_time_print_ex() that can return success on invalid time.
This is a workaround for inconsistent error behavior of ASN1_TIME_print(),
used in X509_print_ex().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13714)

1 files changed, 11 insertions, 6 deletions

diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 7bd97c6598..aebbf53fd0 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -16,6 +16,7 @@
 
 #include <stdio.h>
 #include <time.h>
+#include "crypto/asn1.h"
 #include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
@@ -467,19 +468,23 @@ static const char _asn1_mon[12][4] = {
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
 };
 
+/* returns 1 on success, 0 on BIO write error or parse failure */
 int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
+    return asn1_time_print_ex(bp, tm) > 0;
+}
+
+/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
+int asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm)
+{
     char *v;
     int gmt = 0, l;
     struct tm stm;
     const char upper_z = 0x5A, period = 0x2E;
 
-    if (!asn1_time_to_tm(&stm, tm)) {
-        /* asn1_time_to_tm will check the time type */
-        (void)BIO_write(bp, "Bad time value", 14);
-        return 0;
-        /* It would have been more consistent to return BIO_write(...) */
-    }
+    /* asn1_time_to_tm will check the time type */
+    if (!asn1_time_to_tm(&stm, tm))
+        return BIO_write(bp, "Bad time value", 14) ? -1 : 0;
 
     l = tm->length;
     v = (char *)tm->data;