[tls] Check certificate validity period against current date and time

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2012-03-19 23:04:05 +00:00
parent 0610bcb1d2
commit 8583c323a2
3 changed files with 49 additions and 11 deletions


@@ -1093,6 +1093,7 @@ static int tls_new_certificate ( struct tls_session *tls,
struct x509_certificate cert;
struct x509_name *name = &cert.subject.name;
struct x509_public_key *key = &cert.subject.public_key;
time_t now;
int rc;
/* Sanity check */
@@ -1107,8 +1108,9 @@ static int tls_new_certificate ( struct tls_session *tls,
context.tls = tls;
context.current = certificate->certificates;
context.end = end;
now = time ( NULL );
if ( ( rc = x509_validate_chain ( tls_parse_next, &context,
NULL, &cert ) ) != 0 ) {
now, NULL, &cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not validate certificate chain: %s\n",
tls, strerror ( rc ) );
return rc;
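Review bot: The result of `now = time ( NULL );` in the second hunk is passed to `x509_validate_chain()` unchecked, so the new validity-period check is only as trustworthy as the platform clock. Standard C allows `time()` to return `(time_t)-1` when no time is available, and how this environment's `time()` behaves without a clock source is not visible here. Presumably a bogus `now` makes validation fail closed rather than accept an expired certificate, but that should be confirmed in the x509 code this commit changes elsewhere. I would add a comment above the call, e.g. `/* Validity period is checked against the local clock; an unset or wrong clock will reject otherwise valid chains */`, and consider having the `DBGC` message distinguish a validity-period failure from other chain errors. `tls_new_certificate()` starts before the first hunk and continues past the second.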