From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 25 Apr 2018 09:37:43 +0000 (+0200)
Subject: x509: Fail CRL validity check if thisUpdate is in the future
X-Git-Tag: 5.6.3dr2~5^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0902d1ae0356acbbf4e0278e51c756fe2196d51;p=thirdparty%2Fstrongswan.git

x509: Fail CRL validity check if thisUpdate is in the future
---

diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 5c5010b976..95cb11cf4f 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -546,7 +546,7 @@ METHOD(certificate_t, get_validity, bool,
 	{
 		*not_after = this->nextUpdate;
 	}
-	return (t <= this->nextUpdate);
+	return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,