From: Roger Dingledine <arma@torproject.org>
Date: Tue, 11 Nov 2003 04:08:30 +0000 (+0000)
Subject: fix a bug in handling clock skew
X-Git-Tag: tor-0.0.2pre14~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d19a9b514afc65701e0d59820e344b696284a21;p=thirdparty%2Ftor.git

fix a bug in handling clock skew


svn:r785
---

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 181e6df7f9..883d99410c 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls)
     return NULL;
   
   now = time(NULL);
-  t = now - CERT_ALLOW_SKEW;
+  t = now + CERT_ALLOW_SKEW;
   if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
     log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew.");
     goto done;
   }
-  t = now + CERT_ALLOW_SKEW;
+  t = now - CERT_ALLOW_SKEW;
   if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
     log_fn(LOG_WARN,"Certificate already expired; possible clock skew.");
     goto done;