From 38bd0f7fdaa16b9b09ca82e11caa2f406113ea41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 30 Apr 2006 14:05:57 +0000
Subject: [PATCH] Add the time the crl/ocsp info expire

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17372 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/revoke.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index e37f33a08..fc347d1df 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -482,6 +482,7 @@ hx509_revoke_verify(hx509_context context,
 		    hx509_revoke_ctx revoke,
 		    hx509_certs certs,
 		    time_t now,
+		    time_t *expiration,
 		    hx509_cert cert,
 		    hx509_cert parent_cert)
 {
@@ -490,6 +491,9 @@ hx509_revoke_verify(hx509_context context,
     unsigned long i, j, k;
     int ret;
 
+    if (expiration)
+	*expiration = 0;
+
     for (i = 0; i < revoke->ocsps.len; i++) {
 	struct revoke_ocsp *ocsp = &revoke->ocsps.val[i];
 	struct stat sb;
@@ -557,6 +561,13 @@ hx509_revoke_verify(hx509_context context,
 	    } else
 		/* Should force a refetch, but can we ? */;
 
+	    if (expiration) {
+		if (*ocsp->ocsp.tbsResponseData.responses.val[i])
+		    *expiration = *ocsp->ocsp.tbsResponseData.responses.val[i].nextUpdate;
+		else 
+		    *expiration = now + context->ocsp_time_diff;
+	    }
+
 	    return 0;
 	}
     }
@@ -619,6 +630,10 @@ hx509_revoke_verify(hx509_context context,
 	    
 	    return HX509_CRL_CERT_REVOKED;
 	}
+
+	if (expiration)
+	    *expiration = *crl->tbsCertList.nextUpdate;
+
 	return 0;
     }