author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-17 11:33:56 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-17 17:26:38 +0100 |
commit | 35c681a1695c265cfb82b8dfd77e6994102e18a1 (patch) | |
tree | 0c8823715bcb200eaf82d341a3665583f40b482d /lib | |
parent | 8bcd6b8bf1acbd4fd9ae16a91a453b052e809f6d (diff) | |
download | gnutls-35c681a1695c265cfb82b8dfd77e6994102e18a1.tar.gz |
x509/time: refuse importing certificates with invalid Time fields
This refuses to import certificates whose time fields are
not in GMT or contain fractional seconds.
Resolves: #169
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/x509/x509.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 07e8be08c7..a96e23c770 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -451,6 +451,14 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert)
 }
 }
 
+ if (gnutls_x509_crt_get_expiration_time(cert) == -1 ||
+ gnutls_x509_crt_get_activation_time(cert) == -1) {
+ gnutls_assert();
+ _gnutls_debug_log("error: invalid expiration or activation time in certificate\n");
+ result = GNUTLS_E_X509_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
 result = 0;
 
 cleanup: |
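Review bot: The added condition in `_gnutls_check_cert_sanity` treats a `-1` return from either time getter as proof of a malformed Time field, but nothing in the hunk says why that sentinel means "not GMT or has fractional seconds". The strictness lives in the getters' parsing, which is not visible here, so a comment above the `if` would help, for example `/* the time getters return -1 when notBefore/notAfter is not a well-formed Time (non-GMT or fractional seconds) */`. Because `-1` is an overloaded sentinel, any other getter failure, and presumably a validity time that legitimately converts to `(time_t)-1`, is rejected with the same `GNUTLS_E_X509_CERTIFICATE_ERROR`; it is worth confirming that this is intended. The debug message also merges both fields, so checking them separately and logging which one failed would make import failures easier to triage. The function body starts and ends outside this hunk.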