- x509parse_time_expired() checks time now in addition to the existing date check

2011-01-16 21:40:22 +00:00 · 2011-01-16 21:40:22 +00:00 · b619499eb3
commit b619499eb3
parent a056efc8f9
2 changed files with 25 additions and 0 deletions
--- a/4
+++ b/4
@ -18,6 +18,10 @@ Note: Most of these features have been donated by Fox-IT
       + Added verification callback on certificate chain
         verification to allow external blacklisting

+Changes
+   * x509parse_time_expired() checks time in addition to
+     the existing date check
+
 = Version 0.14.0 released on 2010-08-16
 Features
   * Added support for SSL_EDH_RSA_AES_128_SHA and
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -2584,6 +2584,27 @@ int x509parse_time_expired( const x509_time *to )
        lt->tm_mday  > to->day )
        return( 1 );

+    if( lt->tm_year == to->year - 1900 &&
+        lt->tm_mon  == to->mon  - 1    &&
+        lt->tm_mday == to->day         &&
+        lt->tm_hour  > to->hour - 1)
+        return( 1 );
+
+    if( lt->tm_year == to->year - 1900 &&
+        lt->tm_mon  == to->mon  - 1    &&
+        lt->tm_mday == to->day         &&
+        lt->tm_hour == to->hour - 1    &&
+        lt->tm_min   > to->min  - 1 )
+        return( 1 );
+
+    if( lt->tm_year == to->year - 1900 &&
+        lt->tm_mon  == to->mon  - 1    &&
+        lt->tm_mday == to->day         &&
+        lt->tm_hour == to->hour - 1    &&
+        lt->tm_min  == to->min  - 1    &&
+        lt->tm_sec   > to->sec  - 1 )
+        return( 1 );
+
    return( 0 );
 }