]> granicus.if.org Git - openssl/commit
Don't use expired certificates if possible.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 24 May 2014 22:55:19 +0000 (23:55 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 25 May 2014 03:50:15 +0000 (04:50 +0100)
commit0930251df814f3993bf2c598761e0c7c6d0d62a2
treef3e1c9cfaf47569bf8d767b911684b6d175f77af
parent6c21b860ba8f0de64c6e96972ef3c728728d01a0
Don't use expired certificates if possible.

When looking for the issuer of a certificate, if current candidate is
expired, continue looking. Only return an expired certificate if no valid
certificates are found.

PR#3359
crypto/x509/x509_lcl.h
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.c