1 files changed, 12 insertions, 9 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index f2dc356dc8..8d4d15668e 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.44 2015/07/19 05:42:55 miod Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.45 2015/09/14 16:13:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -758,15 +758,17 @@ err:
 static int
 check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
 {
-        time_t *ptime;
+        time_t *ptime = NULL;
        int i;
-        if (notify)
+        if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
-                ctx->current_crl = crl;
+                return (1);
        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
                ptime = &ctx->param->check_time;
-        else
-                ptime = NULL;
+        if (notify)
+                ctx->current_crl = crl;
        i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
        if (i == 0) {
@@ -1489,13 +1491,14 @@ check_policy(X509_STORE_CTX *ctx)
 int
 x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet)
 {
-        time_t *ptime;
+        time_t *ptime = NULL;
        int i;
+        if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+                return (1);
        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
                ptime = &ctx->param->check_time;
-        else
-                ptime = NULL;
        i = X509_cmp_time(X509_get_notBefore(x), ptime);
        if (i == 0) {

diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index f2dc356dc8..8d4d15668e 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.44 2015/07/19 05:42:55 miod Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.45 2015/09/14 16:13:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -758,15 +758,17 @@ err:
758	static int	758	static int
759	check_crl_time(X509_STORE_CTX ctx, X509_CRL crl, int notify)	759	check_crl_time(X509_STORE_CTX ctx, X509_CRL crl, int notify)
760	{	760	{
761	time_t *ptime;	761	time_t *ptime = NULL;
762	int i;	762	int i;
763		763
764	if (notify)	764	if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
765	ctx->current_crl = crl;	765	return (1);
		766
766	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)	767	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
767	ptime = &ctx->param->check_time;	768	ptime = &ctx->param->check_time;
768	else	769
769	ptime = NULL;	770	if (notify)
		771	ctx->current_crl = crl;
770		772
771	i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);	773	i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
772	if (i == 0) {	774	if (i == 0) {
@@ -1489,13 +1491,14 @@ check_policy(X509_STORE_CTX *ctx)
1489	int	1491	int
1490	x509_check_cert_time(X509_STORE_CTX ctx, X509 x, int quiet)	1492	x509_check_cert_time(X509_STORE_CTX ctx, X509 x, int quiet)
1491	{	1493	{
1492	time_t *ptime;	1494	time_t *ptime = NULL;
1493	int i;	1495	int i;
1494		1496
		1497	if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
		1498	return (1);
		1499
1495	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)	1500	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1496	ptime = &ctx->param->check_time;	1501	ptime = &ctx->param->check_time;
1497	else
1498	ptime = NULL;
1499		1502
1500	i = X509_cmp_time(X509_get_notBefore(x), ptime);	1503	i = X509_cmp_time(X509_get_notBefore(x), ptime);
1501	if (i == 0) {	1504	if (i == 0) {