diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-07 09:10:20 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-08 08:55:55 +0200 |
| commit | f6821a90f7ea803feb857790537c25d92ffcc340 (patch) | |
| tree | 6d6241684d3f896182a6dce7cd4a038c41e3b20d /lib | |
| parent | 77039f38a687ff1beac6535ef7815c39b5d78694 (diff) | |
| download | gnutls-f6821a90f7ea803feb857790537c25d92ffcc340.tar.gz | |
gnutls_x509_crl_verify: check next update field for presence
If not present do not attempt to utilize its value.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/x509/verify.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 66e49d60d8..26b1ab3f44 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1562,6 +1562,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer = NULL; int result, sigalg; time_t now = gnutls_time(0); + time_t nextu; unsigned int usage; if (verify) @@ -1677,7 +1678,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, if (gnutls_x509_crl_get_this_update(crl) > now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE; - if (gnutls_x509_crl_get_next_update(crl) < now && verify) + nextu = gnutls_x509_crl_get_next_update(crl); + if (nextu != -1 && nextu < now && verify) *verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED; |