aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto/x509.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/x509.c')
-rw-r--r--src/crypto/x509.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 1a27eb24..a99f6ab9 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1264,12 +1264,12 @@ int x509_check_time ( struct x509_certificate *cert, time_t time ) {
struct x509_validity *validity = &cert->validity;
/* Check validity period */
- if ( time < validity->not_before.time ) {
+ if ( validity->not_before.time > ( time + X509_ERROR_MARGIN_TIME ) ) {
DBGC ( cert, "X509 %p \"%s\" is not yet valid (at time %lld)\n",
cert, cert->subject.name, time );
return -EACCES_EXPIRED;
}
- if ( time > validity->not_after.time ) {
+ if ( validity->not_after.time < ( time - X509_ERROR_MARGIN_TIME ) ) {
DBGC ( cert, "X509 %p \"%s\" has expired (at time %lld)\n",
cert, cert->subject.name, time );
return -EACCES_EXPIRED;
generated by cgit (git 2.34.1) at 2025-02-23 23:54:37 +0000