mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
fix a bug in handling clock skew
svn:r785
This commit is contained in:
parent
7bde42676b
commit
3d19a9b514
@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls)
|
||||
return NULL;
|
||||
|
||||
now = time(NULL);
|
||||
t = now - CERT_ALLOW_SKEW;
|
||||
t = now + CERT_ALLOW_SKEW;
|
||||
if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
|
||||
log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew.");
|
||||
goto done;
|
||||
}
|
||||
t = now + CERT_ALLOW_SKEW;
|
||||
t = now - CERT_ALLOW_SKEW;
|
||||
if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
|
||||
log_fn(LOG_WARN,"Certificate already expired; possible clock skew.");
|
||||
goto done;
|
||||
|
Loading…
Reference in New Issue
Block a user