rec validate: use rfc1982 math for RRSIG timestamps

diff --git a/pdns/validate.cc b/pdns/validate.cc
index 1666460697fba6475233e0b4df9a01dd33342bae..e1e38b50d16bcc44382eedf248deef0be2168c83 100644 (file)
--- a/pdns/validate.cc
+++ b/pdns/validate.cc
@@ -973,14 +973,12 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16
 
 bool isRRSIGNotExpired(const time_t now, const RRSIGRecordContent& sig)
 {
-  // Should use https://www.rfc-editor.org/rfc/rfc4034.txt section 3.1.5
-  return sig.d_sigexpire >= now;
+  return rfc1982LessThan<uint32_t>(now, sig.d_sigexpire);
 }
 
 bool isRRSIGIncepted(const time_t now, const RRSIGRecordContent& sig)
 {
-  // Should use https://www.rfc-editor.org/rfc/rfc4034.txt section 3.1.5
-  return sig.d_siginception - g_signatureInceptionSkew <= now;
+  return rfc1982LessThan<uint32_t>(sig.d_siginception - g_signatureInceptionSkew, now);
 }
 
 namespace {