Bug 1295163 - Limit time-variation when accepting 0-RTT, r=ekr

author: Martin Thomson <martin.thomson@gmail.com> 2017-05-22 10:38:02 +1000
committer: Martin Thomson <martin.thomson@gmail.com> 2017-05-22 10:38:02 +1000
commit: 12b335ad28a8892f893910dea59c7635b5b7da89 (patch)
tree: deeb4bb4111cb34e5ec72ec8933b9bf538efd697 /lib/ssl/authcert.c
parent: 7ad866c2aa378ee016d9f95785b483b713f68631 (diff)
download: nss-hg-12b335ad28a8892f893910dea59c7635b5b7da89.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
index 88c7c084a..2765c8342 100644
--- a/lib/ssl/authcert.c
+++ b/lib/ssl/authcert.c
@@ -17,6 +17,7 @@
 #include "nss.h"
 #include "ssl.h"
 #include "pk11func.h" /* for PK11_ function calls */
+#include "sslimpl.h"
 
 /*
  * This callback used by SSL to pull client sertificate upon
@@ -63,7 +64,7 @@ NSS_GetClientAuthData(void *arg,
                 if (!cert)
                     continue;
                 /* Only check unexpired certs */
-                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+                if (CERT_CheckCertValidTimes(cert, ssl_TimeUsec(), PR_TRUE) !=
                     secCertTimeValid) {
                     CERT_DestroyCertificate(cert);
                     continue;
author	Martin Thomson <martin.thomson@gmail.com>	2017-05-22 10:38:02 +1000
committer	Martin Thomson <martin.thomson@gmail.com>	2017-05-22 10:38:02 +1000
commit	12b335ad28a8892f893910dea59c7635b5b7da89 (patch)
tree	deeb4bb4111cb34e5ec72ec8933b9bf538efd697 /lib/ssl/authcert.c
parent	7ad866c2aa378ee016d9f95785b483b713f68631 (diff)
download	nss-hg-12b335ad28a8892f893910dea59c7635b5b7da89.tar.gz