x509: Fail CRL validity check if thisUpdate is in the future
authorTobias Brunner <tobias@strongswan.org>
Wed, 25 Apr 2018 09:37:43 +0000 (11:37 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 22 May 2018 07:50:47 +0000 (09:50 +0200)
src/libstrongswan/plugins/x509/x509_crl.c

index 5c5010b..95cb11c 100644 (file)
@@ -546,7 +546,7 @@ METHOD(certificate_t, get_validity, bool,
        {
                *not_after = this->nextUpdate;
        }
-       return (t <= this->nextUpdate);
+       return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,
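Review bot: The new lower bound on the return line compares `t` against `this->thisUpdate` with no tolerance, so a verifier whose clock runs slightly behind the CRL issuer's will report a freshly published CRL as invalid. How callers react to that result is not visible here, so it is worth confirming that they treat a not-yet-valid CRL as a failed revocation check (or fall back to a still-valid cached CRL) rather than silently skipping the revocation check for the certificate. The line also deserves a comment stating the intent, e.g. `/* valid only within [thisUpdate, nextUpdate]; a CRL dated in the future is rejected */`. The body of get_validity starts above the hunk, so how `t` is derived cannot be checked from here.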