fix a bug in handling clock skew

svn:r785
Roger Dingledine 2003-11-11 04:08:30 +00:00
parent 7bde42676b
commit 3d19a9b514


@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls)
return NULL; return NULL;
now = time(NULL); now = time(NULL);
t = now - CERT_ALLOW_SKEW; t = now + CERT_ALLOW_SKEW;
if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew."); log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew.");
goto done; goto done;
} }
t = now + CERT_ALLOW_SKEW; t = now - CERT_ALLOW_SKEW;
if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
log_fn(LOG_WARN,"Certificate already expired; possible clock skew."); log_fn(LOG_WARN,"Certificate already expired; possible clock skew.");
goto done; goto done;