[pbs-devel] [PATCH v2 backup 05/27] CertInfo: add not_{after, before}_unix

Dietmar Maurer dietmar at proxmox.com
Thu Apr 29 09:08:03 CEST 2021


On 4/29/21 9:01 AM, Wolfgang Bumiller wrote:
> On Thu, Apr 29, 2021 at 08:13:19AM +0200, Dietmar Maurer wrote:
>> Seems I can do it without foreign-types:
>>
>> fn asn1_time_to_unix(time: &openssl::asn1::Asn1TimeRef) -> Result<i64,
>> Error> {
>>      let epoch0 = openssl::asn1::Asn1Time::from_unix(0)?;
>>      let diff = epoch0.diff(time)?;
>>      let seconds = (diff.days as i64) * 24*60*60 + (diff.secs as i64);
>>      Ok(seconds)
>> }
>>
>> Any objections?
> Yes, for 2 reasons:
> * openssl does provide the functionality and the dependency is already
>    in our tree because openssl pulls it in
> * 1100 days in already covers 3 leap seconds and I don't want to worry
>    about whether `diff.days` takes that into account, the best time math
>    is no time math at all

Agreed, but your code is unsafe and hard to read. IMHO that whole 
foreign_type thing is hard to understand. And Unix Epoch does not care 
about leap seconds, so why should we do?






More information about the pbs-devel mailing list