Branch: Tag:

2014-05-18

2014-05-18 16:05:22 by Martin Nilsson <nilsson@opera.com>

Check the date of all certificates in the chain.

1691:    {    array(Verifier)|Verifier verifiers;    +  // Check not_before. We want the current time to be later. +  if(my_time < tbs->not_before) +  ERROR(CERT_TOO_NEW); +  +  // Check not_after. We want the current time to be earlier. +  if(my_time > tbs->not_after) +  ERROR(CERT_TOO_OLD); +     if(idx != len-1) // Not the leaf    {    // id-ce-basicConstraints is required for certificates with
1743:       else // otherwise, we make sure the chain is unbroken.    { -  // Check not_before. We want the current time to be later. -  if(my_time < tbs->not_before) -  ERROR(CERT_TOO_NEW); -  -  // Check not_after. We want the current time to be earlier. -  if(my_time > tbs->not_after) -  ERROR(CERT_TOO_OLD); -  +     // is the issuer of this certificate the subject of the previous    // (more rootward) certificate?    if(tbs->issuer->get_der() != chain_obj[idx-1]->subject->get_der())