Use UTC to heck certificate validity

0776a437 · Manuel Pégourié-Gonnard · Paul Bakker · 52c5af7d · 0776a437 · 0776a437
Commit 0776a437 authored Apr 11, 2014 by Manuel Pégourié-Gonnard Committed by Paul Bakker Apr 11, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

ChangeLog ChangeLog +1 -0

library/x509.c library/x509.c +2 -2

No files found.
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@ Changes
   * x509_crt_info() now prints information about parsed extensions as well
   * pk_verify() now returns a specific error code when the signature is valid
     but shorter than the supplied length.
+   * Use UTC time to check certificate validity.

 Security
   * Avoid potential timing leak in ecdsa_sign() by blinding modular division.

--- a/library/x509.c
+++ b/library/x509.c
@@ -627,7 +627,7 @@ static void x509_get_current_time( x509_time *now )
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
    SYSTEMTIME st;

-    GetLocalTime(&st);
+    GetSystemTime(&st);

    now->year = st.wYear;
    now->mon = st.wMonth;
@@ -640,7 +640,7 @@ static void x509_get_current_time( x509_time *now )
    time_t tt;

    tt = time( NULL );
-    localtime_r( &tt, &lt );
+    gmtime_r( &tt, &lt );

    now->year = lt.tm_year + 1900;
    now->mon = lt.tm_mon + 1;