From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 11 Jun 2024 06:03:28 +0000 (+0200)
Subject: openssl: shortcut store_expired for negative timeouts
X-Git-Tag: curl-8_9_0~267
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5e8d921f55a558a20bc8f2a4cdac2da96e61b06e;p=thirdparty%2Fcurl.git

openssl: shortcut store_expired for negative timeouts

Avoid some unnecessary computation if the timeout is negative.

Spotted by CodeSonar
Closes #13919
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 95a8526ba3..a7f5f9a032 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3310,14 +3310,15 @@ cached_x509_store_expired(const struct Curl_easy *data,
                           const struct ossl_x509_share *mb)
 {
   const struct ssl_general_config *cfg = &data->set.general_ssl;
-  struct curltime now = Curl_now();
-  timediff_t elapsed_ms = Curl_timediff(now, mb->time);
-  timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
-
-  if(timeout_ms < 0)
-    return false;
+  if(cfg->ca_cache_timeout < 0)
+    return FALSE;
+  else {
+    struct curltime now = Curl_now();
+    timediff_t elapsed_ms = Curl_timediff(now, mb->time);
+    timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
 
-  return elapsed_ms >= timeout_ms;
+    return elapsed_ms >= timeout_ms;
+  }
 }
 
 static bool