From 8583c323a25fd65fb6e7fe47e3e8b69d23acb2d3 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Mon, 19 Mar 2012 23:04:05 +0000
Subject: [tls] Check certificate validity period against current date and time

Signed-off-by: Michael Brown
---
 src/net/tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/net')

diff --git a/src/net/tls.c b/src/net/tls.c
index 276b23577..3aefb19de 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1093,6 +1093,7 @@ static int tls_new_certificate ( struct tls_session *tls,
 struct x509_certificate cert;
 struct x509_name *name = &cert.subject.name;
 struct x509_public_key *key = &cert.subject.public_key;
+ time_t now;
 int rc;

 /* Sanity check */
@@ -1107,8 +1108,9 @@ static int tls_new_certificate ( struct tls_session *tls,
 context.tls = tls;
 context.current = certificate->certificates;
 context.end = end;
+ now = time ( NULL );
 if ( ( rc = x509_validate_chain ( tls_parse_next, &context,
- NULL, &cert ) ) != 0 ) {
+ now, NULL, &cert ) ) != 0 ) {
 DBGC ( tls, "TLS %p could not validate certificate chain: %s\n",
 tls, strerror ( rc ) );
 return rc;
-- 
cgit v1.2.3-55-g7522
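Review bot: The added `now = time ( NULL );` in the second hunk passes the clock value straight to `x509_validate_chain()` without checking that it is usable, so the new validity-period check is only as trustworthy as the local clock. `time()` can return `( time_t ) -1` on failure, and the time source is not visible in this hunk. If the clock is unset or running behind, either every chain fails as not yet valid or an expired certificate still passes. I would reject the failure value before validating, with a guard such as `if ( now == ( time_t ) -1 )` returning an error, and add a comment above the call: `/* Validity period is checked against the local clock, which must be trustworthy */`. The body of `tls_new_certificate()` starts and ends outside both hunks, so any existing handling elsewhere in the function is not visible here.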