pki: Do not print certificate validity if certificate returns UNDEFINED_TIME

diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index fa69de1335499073d4018923a323d2e27c13fa3d..7fec3fe42225eb6455649ec255b7080cbc32c3d9 100644 (file)
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -509,23 +509,26 @@ static void print_cert(certificate_t *cert)
        printf("issuer:   \"%Y\"\n", cert->get_issuer(cert));
 
        cert->get_validity(cert, &now, &notBefore, &notAfter);
-       printf("validity:  not before %T, ", &notBefore, FALSE);
-       if (now < notBefore)
+       if (notBefore != UNDEFINED_TIME || notAfter != UNDEFINED_TIME)
        {
-               printf("not valid yet (valid in %V)\n", &now, &notBefore);
-       }
-       else
-       {
-               printf("ok\n");
-       }
-       printf("           not after  %T, ", &notAfter, FALSE);
-       if (now > notAfter)
-       {
-               printf("expired (%V ago)\n", &now, &notAfter);
-       }
-       else
-       {
-               printf("ok (expires in %V)\n", &now, &notAfter);
+               printf("validity:  not before %T, ", &notBefore, FALSE);
+               if (now < notBefore)
+               {
+                       printf("not valid yet (valid in %V)\n", &now, &notBefore);
+               }
+               else
+               {
+                       printf("ok\n");
+               }
+               printf("           not after  %T, ", &notAfter, FALSE);
+               if (now > notAfter)
+               {
+                       printf("expired (%V ago)\n", &now, &notAfter);
+               }
+               else
+               {
+                       printf("ok (expires in %V)\n", &now, &notAfter);
+               }
        }
 
        switch (cert->get_type(cert))