diff options
author | ddrinan%netscape.com <devnull@localhost> | 2001-08-01 22:54:56 +0000 |
---|---|---|
committer | ddrinan%netscape.com <devnull@localhost> | 2001-08-01 22:54:56 +0000 |
commit | dd5e919e281de3add6bfbb348203db8f62341360 (patch) | |
tree | 68bbe8ba530e695f681b34952d2d97df3ade6851 | |
parent | e07a7660524b49f48bcff4f4caea19b62813a24b (diff) | |
download | nss-hg-dd5e919e281de3add6bfbb348203db8f62341360.tar.gz |
Bug 72753 - new cers reported as expired when clock is slow.
-rw-r--r-- | security/nss/lib/certdb/certdb.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 3d35b9673..8523033f9 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -899,7 +899,7 @@ CERT_GetCertTimes(CERTCertificate *c, int64 *notBefore, int64 *notAfter) SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride) { - int64 notBefore, notAfter, llPendingSlop; + PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; /* if cert is already marked OK, then don't bother to check */ @@ -914,6 +914,9 @@ CERT_CheckCertValidTimes(CERTCertificate *c, int64 t, PRBool allowOverride) } LL_I2L(llPendingSlop, pendingSlop); + /* convert to micro seconds */ + LL_I2L(tmp1, PR_USEC_PER_SEC); + LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE); @@ -956,7 +959,7 @@ SEC_GetCrlTimes(CERTCrl *date, int64 *notBefore, int64 *notAfter) */ SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, int64 t) { - int64 notBefore, notAfter, llPendingSlop; + PRTime notBefore, notAfter, llPendingSlop, tmp1; SECStatus rv; rv = SEC_GetCrlTimes(crl, ¬Before, ¬After); @@ -966,6 +969,9 @@ SEC_CheckCrlTimes(CERTCrl *crl, int64 t) { } LL_I2L(llPendingSlop, pendingSlop); + /* convert to micro seconds */ + LL_I2L(tmp1, PR_USEC_PER_SEC); + LL_MUL(llPendingSlop, llPendingSlop, tmp1); LL_SUB(notBefore, notBefore, llPendingSlop); if ( LL_CMP( t, <, notBefore ) ) { return(secCertTimeNotValidYet); |