diff options
author | relyea%netscape.com <devnull@localhost> | 2002-02-27 18:56:24 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-02-27 18:56:24 +0000 |
commit | c483e5f43bf6fd5d79dcd64821654ebec0ebf761 (patch) | |
tree | d10de485c2a82f45db61f419e92ddf47147c162b | |
parent | b758fd836a6579016077823e0a6cf152803e8757 (diff) | |
download | nss-hg-c483e5f43bf6fd5d79dcd64821654ebec0ebf761.tar.gz |
remove LastUpdate time checks from Crl's when verifying certificates.
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 42d6d86ee..250749301 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -287,16 +287,6 @@ SEC_CheckCRL(CERTCertDBHandle *handle,CERTCertificate *cert, goto done; } - /* Verify the date validity of the KRL */ - validity = SEC_CheckCrlTimes(&crl->crl,t); - if (validity == secCertTimeExpired) { - PORT_SetError(SEC_ERROR_CRL_EXPIRED); - rv = SECWouldBlock; /* Soft error, ask the user */ - } else if (validity == secCertTimeNotValidYet) { - PORT_SetError(SEC_ERROR_CRL_NOT_YET_VALID); - rv = SECWouldBlock; /* Soft error, ask the user */ - } - /* now make sure the key is not on the revocation list */ for (crlEntry = crl->crl.entries; crlEntry && *crlEntry; crlEntry++) { if (SECITEM_CompareItem(&(*crlEntry)->serialNumber,&cert->serialNumber) == SECEqual) { |