On Thu, Dec 11, 2025 at 10:09 AM <[email protected]> wrote: > + if (OCSP_check_validity(thisupd, nextupd, OCSP_MAX_SKEW, -1) <= 0) { > + X509_STORE_CTX_set_error(ctx, X509_V_ERR_OCSP_NOT_YET_VALID); > + o = OCSP_STATUS_UNKNOWN; > + goto clean_certid; > + } > + if (OCSP_check_validity(thisupd, nextupd, OCSP_MAX_SKEW, OCSP_MAX_SKEW) > <= 0) { > + X509_STORE_CTX_set_error(ctx, X509_V_ERR_OCSP_HAS_EXPIRED); > + o = OCSP_STATUS_UNKNOWN; > + goto clean_certid; > + }
Oh, I had missed that. mod_ssl never checks both. Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
