git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback
author Remi Tricot-Le Breton <rlebreton@haproxy.com>
Thu, 2 Mar 2023 14:49:55 +0000 (15:49 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Thu, 2 Mar 2023 14:57:56 +0000 (15:57 +0100)
In the OCSP response callback, instead of using the actual date of the
system, the scheduler's 'now' timer is used when checking a response's
validity.

This patch can be backported to all stable versions.

src/ssl_ocsp.c

index 9ad81b28eb0a0245458672792c5102e2e9deed68..9e507997c97f0acbab3a0d26c3f62f17eb31aad8 100644 (file)
@@ -160,7 +160,7 @@ int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
        if (!ocsp ||
            !ocsp->response.area ||
            !ocsp->response.data ||
-           (ocsp->expire < now.tv_sec))
+           (ocsp->expire < date.tv_sec))
                return SSL_TLSEXT_ERR_NOACK;
 
        ssl_buf = OPENSSL_malloc(ocsp->response.data);
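
Review bot: the corrected comparison `(ocsp->expire < date.tv_sec)` has no comment saying why `date` is the right clock here, so a later cleanup could switch it back to `now` without anyone noticing. A one-line comment above the condition, stating that the response's expiry is checked against the system date and not the scheduler's timer, would record the intent the commit message gives. Since this hunk only touches the stapling callback, it is also worth confirming that any other comparison against `ocsp->expire` in src/ssl_ocsp.c uses `date` as well.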