diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-31 08:49:50 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-09-05 16:17:15 -0400 |
commit | d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45 (patch) | |
tree | ea7207dd84a2a5ab1e18e9f9711cb966e46751a0 /crypto | |
parent | 2519b4e18101a7e987dad842084cd1da5da5c191 (diff) | |
download | openssl-d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45.tar.gz |
RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x509_vfy.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 6169db1e1c..2b2d5ada3d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -957,6 +957,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) ctx->current_crl = crl; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return 1; else ptime = NULL; @@ -1677,6 +1679,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet) if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return 1; else ptime = NULL; |