diff options
| -rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index df7eccdd2..00aea748d 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -2968,6 +2968,8 @@ PKIX_PL_Cert_CheckValidity( { SECCertTimeValidity val; PRTime timeToCheck; + PKIX_Boolean allowOverride; + SECCertificateUsage requiredUsages; PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity"); PKIX_NULLCHECK_ONE(cert); @@ -2981,8 +2983,11 @@ PKIX_PL_Cert_CheckValidity( timeToCheck = PR_Now(); } - PKIX_CERT_DEBUG("\t\tCalling CERT_CheckCertValidTimes).\n"); - val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, PKIX_FALSE); + requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage; + allowOverride = + (PRBool)((requiredUsages & certificateUsageSSLServer) || + (requiredUsages & certificateUsageSSLServerWithStepUp)); + val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride); if (val != secCertTimeValid){ PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED); } |