]> git.ipfire.org Git - thirdparty/tor.git/commitdiff
projects / thirdparty / tor.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7bde426)
fix a bug in handling clock skew
authorRoger Dingledine <arma@torproject.org>
Tue, 11 Nov 2003 04:08:30 +0000 (04:08 +0000)
committerRoger Dingledine <arma@torproject.org>
Tue, 11 Nov 2003 04:08:30 +0000 (04:08 +0000)
svn:r785

src/common/tortls.c patch | blob | blame | history

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 181e6df7f904159ac371e90e16c9c3c080ba7d94..883d99410ca6df70f338b0606bb917ef74f5429a 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls)
     return NULL;
   
   now = time(NULL);
-  t = now - CERT_ALLOW_SKEW;
+  t = now + CERT_ALLOW_SKEW;
   if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
     log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew.");
     goto done;
   }
-  t = now + CERT_ALLOW_SKEW;
+  t = now - CERT_ALLOW_SKEW;
   if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
     log_fn(LOG_WARN,"Certificate already expired; possible clock skew.");
     goto done;
Mirror of https://git.torproject.org/tor.git