From 3d19a9b514afc65701e0d59820e344b696284a21 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 11 Nov 2003 04:08:30 +0000 Subject: [PATCH] fix a bug in handling clock skew svn:r785 --- src/common/tortls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 181e6df7f9..883d99410c 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls) return NULL; now = time(NULL); - t = now - CERT_ALLOW_SKEW; + t = now + CERT_ALLOW_SKEW; if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew."); goto done; } - t = now + CERT_ALLOW_SKEW; + t = now - CERT_ALLOW_SKEW; if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { log_fn(LOG_WARN,"Certificate already expired; possible clock skew."); goto done;