From 6a3fc2808e8ca9029d4af20052cfa949894be87a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Sat, 6 Jul 2013 16:48:06 +0200
Subject: make sure that a valid number of days is entered

---
 src/certtool.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/certtool.c b/src/certtool.c
index 9cd72cae77..04566ca9d4 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -240,6 +240,7 @@ generate_certificate (gnutls_privkey_t * ret_key,
   int ret;
   int client;
   int days, result, ca_status = 0, is_ike = 0, path_len;
+  time_t secs, now;
   int vers;
   unsigned int usage = 0, server;
   gnutls_x509_crq_t crq;        /* request */
@@ -329,11 +330,17 @@ generate_certificate (gnutls_privkey_t * ret_key,
 
   gnutls_x509_crt_set_activation_time (crt, time (NULL));
 
-  days = get_days ();
+  now = time(NULL);
+  
+  do 
+    {
+      days = get_days ();
+      secs = days * 24 * 60 * 60 + now;
+    }
+  while (secs < now || (unsigned)(secs-now)/(24*60*60) != (unsigned)days);
 
   result =
-    gnutls_x509_crt_set_expiration_time (crt,
-                                         time (NULL) + ((time_t) days) * 24 * 60 * 60);
+    gnutls_x509_crt_set_expiration_time (crt, secs);
   if (result < 0)
     error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result));
 
-- 
cgit v1.2.1