Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.c')
-rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 24 |
1 files changed, 3 insertions, 21 deletions
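--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.142 2024/03/02 10:40:05 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.143 2024/04/08 23:46:21 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1744,18 +1744,6 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
 return ctx->verify_cb(0, ctx);
 }
 
-
-/* Mimic OpenSSL '0 for failure' ick */
-static int
-time_t_bogocmp(time_t a, time_t b)
-{
-if (a == -1 || b == -1)
-return 0;
-if (a <= b)
-return -1;
-return 1;
-}
-
 /*
 * Check certificate validity times.
 *
@@ -1777,10 +1765,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
 else
 ptime = time(NULL);
 
-if (x->ex_flags & EXFLAG_SET)
-i = time_t_bogocmp(x->not_before, ptime);
-else
-i = X509_cmp_time(X509_get_notBefore(x), &ptime);
+i = X509_cmp_time(X509_get_notBefore(x), &ptime);
 
 if (i >= 0 && depth < 0)
 return 0;
@@ -1791,10 +1776,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
 X509_V_ERR_CERT_NOT_YET_VALID))
 return 0;
 
-if (x->ex_flags & EXFLAG_SET)
-i = time_t_bogocmp(x->not_after, ptime);
-else
-i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1);
+i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1);
 
 if (i <= 0 && depth < 0)
 return 0;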
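Review bot: The two comparisons in x509_check_cert_time now rely on X509_cmp_time() and X509_cmp_time_internal() returning 0 only for a validity field that could not be parsed, yet the one comment that stated this convention (`/* Mimic OpenSSL '0 for failure' ick */`) is deleted together with time_t_bogocmp. I would put a short comment above the notBefore call, for example `/* 0 means the time could not be parsed; equal times compare as -1 */`, which presumably matches the removed helper's `a <= b` branch but should be confirmed against X509_cmp_time_internal. The notAfter call also passes a bare `1` whose meaning is not visible here, so a comment naming that argument would explain why the two calls differ. Both `i >= 0 && depth < 0` and `i <= 0 && depth < 0` fail closed on a 0 result, and a regression test with a certificate carrying a malformed notBefore or notAfter would pin that now that the cached time_t path is gone. The function body starts and ends outside the visible hunks.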