Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.c')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c24
1 files changed, 3 insertions, 21 deletions
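--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.142 2024/03/02 10:40:05 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.143 2024/04/08 23:46:21 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1744,18 +1744,6 @@ verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
  return ctx->verify_cb(0, ctx);
 }
 
-
-/* Mimic OpenSSL '0 for failure' ick */
-static int
-time_t_bogocmp(time_t a, time_t b)
-{
- if (a == -1 || b == -1)
- return 0;
- if (a <= b)
- return -1;
- return 1;
-}
-
 /*
  * Check certificate validity times.
  *
@@ -1777,10 +1765,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
  else
  ptime = time(NULL);
 
- if (x->ex_flags & EXFLAG_SET)
- i = time_t_bogocmp(x->not_before, ptime);
- else
- i = X509_cmp_time(X509_get_notBefore(x), &ptime);
+ i = X509_cmp_time(X509_get_notBefore(x), &ptime);
 
  if (i >= 0 && depth < 0)
  return 0;
@@ -1791,10 +1776,7 @@ x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
  X509_V_ERR_CERT_NOT_YET_VALID))
  return 0;
 
- if (x->ex_flags & EXFLAG_SET)
- i = time_t_bogocmp(x->not_after, ptime);
- else
- i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1);
+ i = X509_cmp_time_internal(X509_get_notAfter(x), &ptime, 1);
 
  if (i <= 0 && depth < 0)
  return 0;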