Lines 493-498
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
Link Here
|
493 |
} |
493 |
} |
494 |
#endif |
494 |
#endif |
495 |
|
495 |
|
|
|
496 |
/* Check activation/expiration times |
497 |
*/ |
498 |
if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) |
499 |
{ |
500 |
time_t t, now = time (0); |
501 |
|
502 |
for (i = 0; i < clist_size; i++) |
503 |
{ |
504 |
t = gnutls_x509_crt_get_activation_time (certificate_list[i]); |
505 |
if (t == (time_t) -1 || now < t) |
506 |
{ |
507 |
status |= GNUTLS_CERT_NOT_ACTIVATED; |
508 |
status |= GNUTLS_CERT_INVALID; |
509 |
return status; |
510 |
} |
511 |
|
512 |
t = gnutls_x509_crt_get_expiration_time (certificate_list[i]); |
513 |
if (t == (time_t) -1 || now > t) |
514 |
{ |
515 |
status |= GNUTLS_CERT_EXPIRED; |
516 |
status |= GNUTLS_CERT_INVALID; |
517 |
return status; |
518 |
} |
519 |
} |
520 |
} |
521 |
|
496 |
/* Verify the certificate path (chain) |
522 |
/* Verify the certificate path (chain) |
497 |
*/ |
523 |
*/ |
498 |
for (i = clist_size - 1; i > 0; i--) |
524 |
for (i = clist_size - 1; i > 0; i--) |