From 00bdd56b18e1441510e770b16bd869968839153b Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 3 Nov 2016 19:29:52 -0400
Subject: [PATCH] Only check cert expiry vs TIME_MAX when time_t is less than
 64-bit

Fixes issue 20558 / CID 1375988.
---
 src/or/torcert.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/or/torcert.c b/src/or/torcert.c
index 852def9ef6..6bc880a89b 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -156,11 +156,12 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
   cert->encoded_len = len;
 
   memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
-  const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+  int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+#if SIZEOF_TIME_T < SIZEOF_INT64_T
   if (valid_until_64 > TIME_MAX)
-    cert->valid_until = TIME_MAX - 1;
-  else
-    cert->valid_until = (time_t) valid_until_64;
+    valid_until_64 = TIME_MAX - 1;
+#endif
+  cert->valid_until = (time_t) valid_until_64;
   cert->cert_type = parsed->cert_type;
 
   for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {