1 files changed, 8 insertions, 0 deletions

diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 07e8be08c7..a96e23c770 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -451,6 +451,14 @@ int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert)
 		}
 	}
 
+	if (gnutls_x509_crt_get_expiration_time(cert) == -1 ||
+	    gnutls_x509_crt_get_activation_time(cert) == -1) {
+		gnutls_assert();
+		_gnutls_debug_log("error: invalid expiration or activation time in certificate\n");
+		result = GNUTLS_E_X509_CERTIFICATE_ERROR;
+		goto cleanup;
+	}
+
 	result = 0;
 
  cleanup: