From 953917abc9fb72c49fa49cb41bc2cdbecd7c9e93 Mon Sep 17 00:00:00 2001
From: Frederik Deweerdt <fdeweerdt@fastly.com>
Date: Mon, 16 Oct 2017 07:37:31 -0700
Subject: [PATCH] BUG/MEDIUM: ssl: fix OCSP expiry calculation

The hour part of the timezone offset was multiplied by 60 instead of
3600, resulting in an inaccurate expiry. This bug was introduced in
1.6-dev1 by commit 4f3c87a ("BUG/MEDIUM: ssl: Fix to not serve expired
OCSP responses."), so this fix must be backported into 1.7 and 1.6.
---
 src/ssl_sock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 989d7e1cf..774a5a683 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -546,12 +546,12 @@ nosec:
 	else if (p[0] == '+') {
 		if (end - p != 5) return -1;
 		/* Apply timezone offset */
-		return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+		return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
 	}
 	else if (p[0] == '-') {
 		if (end - p != 5) return -1;
 		/* Apply timezone offset */
-		return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
+		return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
 	}
 
 	return -1;