Branch: Tag:

2014-04-26

2014-04-26 13:37:41 by Martin Nilsson <nilsson@opera.com>

Verify time-validity of CA certificates.

635:    }    }    -  protected string get_id(object asn) -  { -  foreach(.PKCS.Identifiers.name_ids; string name; object id) -  if( asn==id ) return name; -  return (array(string))asn->id*"."; -  } -  +     protected array fmt_asn1(object asn)    {    array i = ({});
650:    foreach(asn->elements;; object o)    {    o = o[0]; -  string id = get_id(o[0]); +  string id = .PKCS.Identifiers.reverse_name_ids[o[0]] || +  (array(string))o[0]->id*"."; +     i += ({ ([ id : o[1]->value]) });    if( m )    {
1081:    if(stringp(tbs)) tbs = decode_certificate(tbs);    if(!tbs) return 0;    +  int t = time(); +  if( tbs->not_after < t ) return 0; +  if( tbs->not_before > t ) return 0; +     multiset crit = tbs->critical + (<>);    int self_signed = (tbs->issuer->get_der() == tbs->subject->get_der());