---
Hello *,
shouldn't CRLs with a validity starting date in the future be
revoked?
Cheers,
Thomas
src/libstrongswan/plugins/openssl/openssl_crl.c | 2 +-
src/libstrongswan/plugins/x509/x509_crl.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 9a9efb2..5ae65b4 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -293,7 +293,7 @@ METHOD(certificate_t, get_validity, bool,
{
*not_after = this->nextUpdate;
}
- return t <= this->nextUpdate;
+ return (t <= this->nextUpdate && t >= this->thisUpdate);
}
METHOD(certificate_t, get_encoding, bool,
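Review bot: The new lower bound `t >= this->thisUpdate` makes get_validity() return false for a CRL whose thisUpdate is even slightly ahead of the local clock, and nothing in the hunk documents or tolerates that; the same line is added in the x509_crl.c hunk. With modest clock skew between the CA and the verifier, a freshly published CRL would be treated as invalid. Whether that makes the revocation check fail open or fail closed depends on callers that are not visible here, so it should be confirmed before merging. I would add a comment above the return, `/* valid only within [thisUpdate, nextUpdate]; a thisUpdate in the future means not yet valid */`, and write the test as a range, `return this->thisUpdate <= t && t <= this->nextUpdate;`. The body of get_validity starts outside the hunk, so how `t` is derived could not be checked.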
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 7bcca16..d24b6cb 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -520,7 +520,7 @@ METHOD(certificate_t, get_validity, bool,
{
*not_after = this->nextUpdate;
}
- return (t <= this->nextUpdate);
+ return (t <= this->nextUpdate && t >= this->thisUpdate);
}
METHOD(certificate_t, get_encoding, bool,