authorMichael Brown <mcb30@ipxe.org>2012-03-19 23:04:05 +0000
committerMichael Brown <mcb30@ipxe.org>2012-03-19 23:14:17 +0000
commit8583c323a25fd65fb6e7fe47e3e8b69d23acb2d3 (patch)
tree9422d344ede255df558bb522615f8c11a0e5fcd8 /src/net/tls.c
parent0610bcb1d2876d9e71ced51ed44c4e8854eefb33 (diff)
downloadipxe-8583c323a25fd65fb6e7fe47e3e8b69d23acb2d3.tar.gz
[tls] Check certificate validity period against current date and time
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tls.c')
-rw-r--r--src/net/tls.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index 276b23577..3aefb19de 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1093,6 +1093,7 @@ static int tls_new_certificate ( struct tls_session *tls,
struct x509_certificate cert;
struct x509_name *name = &cert.subject.name;
struct x509_public_key *key = &cert.subject.public_key;
+ time_t now;
int rc;
/* Sanity check */
@@ -1107,8 +1108,9 @@ static int tls_new_certificate ( struct tls_session *tls,
context.tls = tls;
context.current = certificate->certificates;
context.end = end;
+ now = time ( NULL );
if ( ( rc = x509_validate_chain ( tls_parse_next, &context,
- NULL, &cert ) ) != 0 ) {
+ now, NULL, &cert ) ) != 0 ) {
DBGC ( tls, "TLS %p could not validate certificate chain: %s\n",
tls, strerror ( rc ) );
return rc;
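Review bot: The result of `time ( NULL )` at `now = time ( NULL );` is passed to x509_validate_chain() unchecked, so the new validity-period check is only as trustworthy as the platform clock. In a network-boot environment the clock may be unset, wrong, or unavailable (standard `time()` can return `(time_t) -1`). Presumably a clock far in the past makes every chain fail as not yet valid, while a clock that has been set back would let an expired certificate pass. I would document this at the assignment, e.g. `/* Validity is checked against the local clock; an unset or incorrect clock causes spurious failures or accepts expired certificates */`, and include `now` in the DBGC message so a clock problem can be told apart from a genuinely bad chain. tls_new_certificate() starts and ends outside this hunk, so any existing handling elsewhere in the function is not visible here.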