diff options
author | Martin Thomson <martin.thomson@gmail.com> | 2017-05-22 10:38:02 +1000 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2017-05-22 10:38:02 +1000 |
commit | 12b335ad28a8892f893910dea59c7635b5b7da89 (patch) | |
tree | deeb4bb4111cb34e5ec72ec8933b9bf538efd697 /lib/ssl/authcert.c | |
parent | 7ad866c2aa378ee016d9f95785b483b713f68631 (diff) | |
download | nss-hg-12b335ad28a8892f893910dea59c7635b5b7da89.tar.gz |
Bug 1295163 - Limit time-variation when accepting 0-RTT, r=ekr
Diffstat (limited to 'lib/ssl/authcert.c')
-rw-r--r-- | lib/ssl/authcert.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c index 88c7c084a..2765c8342 100644 --- a/lib/ssl/authcert.c +++ b/lib/ssl/authcert.c @@ -17,6 +17,7 @@ #include "nss.h" #include "ssl.h" #include "pk11func.h" /* for PK11_ function calls */ +#include "sslimpl.h" /* * This callback used by SSL to pull client sertificate upon @@ -63,7 +64,7 @@ NSS_GetClientAuthData(void *arg, if (!cert) continue; /* Only check unexpired certs */ - if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) != + if (CERT_CheckCertValidTimes(cert, ssl_TimeUsec(), PR_TRUE) != secCertTimeValid) { CERT_DestroyCertificate(cert); continue; |