From 98d48f25d777592aebbaa5194a5278f03fbbd6f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 11 Jan 2009 21:44:00 +0000
Subject: [PATCH] use _hx509_signature_best_before

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24252 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cert.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c
index a0bba3adb..adabf1914 100644
--- a/lib/hx509/cert.c
+++ b/lib/hx509/cert.c
@@ -2263,6 +2263,16 @@ hx509_verify_path(hx509_context context,
 				   "Failed to verify signature of certificate");
 	    goto out;
 	}
+	/* verify that the creation date is before the best before date */
+	if (i + 1 < path.len) {
+	    time_t notBefore = 
+		_hx509_Time2time_t(&c->tbsCertificate.validity.notBefore);
+	    ret = _hx509_signature_best_before(context,
+					       &c->signatureAlgorithm,
+					       notBefore);
+	    if (ret)
+		goto out;
+	}
     }
 
 out: