oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Skip the leaf certificate HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK check for now

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24254 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-01-11 21:44:19 +00:00
parent 3ee9a138f6
commit 4b553afa07
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/hx509/cert.c
View File

@@ -2278,10 +2278,12 @@ hx509_verify_path(hx509_context context,
* Verify that the sigature algorithm "best-before" date is * Verify that the sigature algorithm "best-before" date is
* before the creation date of the certificate, do this for * before the creation date of the certificate, do this for
* trust anchors too, since any trust anchor that is created * trust anchors too, since any trust anchor that is created
* after a algorithm is known to be bad deserved to be invalid * after a algorithm is known to be bad deserved to be invalid.
*
* Skip the leaf certificate for now...
*/ */
if ((ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) { if (i != 0 && (ctx->flags & HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK) == 0) {
time_t notBefore = time_t notBefore =
_hx509_Time2time_t(&c->tbsCertificate.validity.notBefore); _hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
ret = _hx509_signature_best_before(context, ret = _hx509_signature_best_before(context,