]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a0902d1)
openssl: Fail CRL validity check if thisUpdate is in the future
authorTobias Brunner <tobias@strongswan.org>
Wed, 25 Apr 2018 09:38:22 +0000 (11:38 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 May 2018 07:50:47 +0000 (09:50 +0200)
src/libstrongswan/plugins/openssl/openssl_crl.c patch | blob | blame | history

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 88f7a67c20c7bb2393747e40a1432c98b4b3f5a2..bb5f20dcffb082256c99ff3ac3f869c6cccc8acb 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -358,7 +358,7 @@ METHOD(certificate_t, get_validity, bool,
        {
                *not_after = this->nextUpdate;
        }
-       return t <= this->nextUpdate;
+       return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,
Unnamed repository; edit this file 'description' to name the repository.