ASN1_time_parse() is going away.
https://github.com/arekinath/pivy/pull/44

Index: piv-ca.c
--- piv-ca.c.orig
+++ piv-ca.c
@@ -3947,7 +3947,6 @@ ca_log_crl_gen(struct ca *ca, struct ca_session *sess,
 	const ASN1_TIME *asn1time;
 	struct tm tmv;
 	time_t t;
-	int rc;
 	STACK_OF(X509_REVOKED) *revoked;
 
 	err = ca_log_verify(ca, &prev_hash, NULL, NULL);
@@ -4007,14 +4006,8 @@ ca_log_crl_gen(struct ca *ca, struct ca_session *sess,
 
 	bzero(&tmv, sizeof (tmv));
 	asn1time = X509_CRL_get0_lastUpdate(crl);
-	/*
-	 * This is LibreSSL-specific, if we ever change to OpenSSL we probably
-	 * want ASN1_TIME_to_tm() here.
-	 */
-	rc = ASN1_time_parse((const char *)ASN1_STRING_get0_data(asn1time),
-	    ASN1_STRING_length(asn1time), &tmv, 0);
-	if (rc == -1) {
-		make_sslerrf(err, "ASN1_time_parse", "parsing lastUpdate "
+	if (!ASN1_TIME_to_tm(asn1time, &tmv)) {
+		make_sslerrf(err, "ASN1_TIME_to_tm", "parsing lastUpdate "
 		    "timestamp in CRL");
 		goto out;
 	}
@@ -4026,10 +4019,8 @@ ca_log_crl_gen(struct ca *ca, struct ca_session *sess,
 
 	bzero(&tmv, sizeof (tmv));
 	asn1time = X509_CRL_get0_nextUpdate(crl);
-	rc = ASN1_time_parse((const char *)ASN1_STRING_get0_data(asn1time),
-	    ASN1_STRING_length(asn1time), &tmv, 0);
-	if (rc == -1) {
-		make_sslerrf(err, "ASN1_time_parse", "parsing nextUpdate "
+	if (!ASN1_TIME_to_tm(asn1time, &tmv)) {
+		make_sslerrf(err, "ASN1_TIME_to_tm", "parsing nextUpdate "
 		    "timestamp in CRL");
 		goto out;
 	}
