RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check

In some environments, such as firmware, the current system time is entirely meaningless. Provide a clean mechanism to suppress the checks against it. Signed-off-by: Rich Salz <rsalz@akamai.com> Reviewed-by: Tim Hudson <tjh@openssl.org>
author: David Woodhouse <David.Woodhouse@intel.com> 2015-07-31 08:49:50 +0100
committer: Rich Salz <rsalz@openssl.org> 2015-09-05 16:17:15 -0400
commit: d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45 (patch)
tree: ea7207dd84a2a5ab1e18e9f9711cb966e46751a0 /crypto
parent: 2519b4e18101a7e987dad842084cd1da5da5c191 (diff)
download: openssl-d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 6169db1e1c..2b2d5ada3d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -957,6 +957,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
         ctx->current_crl = crl;
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
 
@@ -1677,6 +1679,8 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet)
 
     if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
         ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
     else
         ptime = NULL;
author	David Woodhouse <David.Woodhouse@intel.com>	2015-07-31 08:49:50 +0100
committer	Rich Salz <rsalz@openssl.org>	2015-09-05 16:17:15 -0400
commit	d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45 (patch)
tree	ea7207dd84a2a5ab1e18e9f9711cb966e46751a0 /crypto
parent	2519b4e18101a7e987dad842084cd1da5da5c191 (diff)
download	openssl-d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45.tar.gz