From e6283e2d3fa8d2702cbee7a828831d7eb10ca836 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Wed, 25 Aug 2021 22:49:14 -0500
Subject: [PATCH] hx509: For times before 2050 use UTCTime (fix pasto)

---
 lib/hx509/ca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c
index 6d222be21..ef242ab80 100644
--- a/lib/hx509/ca.c
+++ b/lib/hx509/ca.c
@@ -1763,6 +1763,8 @@ ca_sign(hx509_context context,
          *    are encoded in either UTCTime or GeneralizedTime.
          *
          * 2524608000 is seconds since the epoch for 2050-01-01T00:00:00Z.
+         *
+         * Both, ...u.generalTime and ...u..utcTime are time_t.
          */
         if (notBefore < 1 || (int64_t)notBefore < 2524608000)
             tbsc->validity.notBefore.element = choice_Time_utcTime;
@@ -1770,7 +1772,7 @@ ca_sign(hx509_context context,
             tbsc->validity.notBefore.element = choice_Time_generalTime;
         tbsc->validity.notBefore.u.generalTime = notBefore;
 
-        if (notAfter < 1 || (int64_t)notBefore < 2524608000)
+        if (notAfter < 1 || (int64_t)notAfter < 2524608000)
             tbsc->validity.notAfter.element = choice_Time_utcTime;
         else
             tbsc->validity.notAfter.element = choice_Time_generalTime;