From: Andreas Steffen
Date: Sat, 19 May 2007 19:46:13 +0000 (-0000)
Subject: fixed nextUpdate and until behaviour in the non-strict case
X-Git-Tag: 4.1.3~37
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=3388e7674d5f6005ece59d706eb66418f8cd72ba;ds=sidebyside

fixed nextUpdate and until behaviour in the non-strict case
---
diff --git a/src/charon/config/credentials/local_credential_store.c b/src/charon/config/credentials/local_credential_store.c
index 58026a9..48fb1c8 100644
--- a/src/charon/config/credentials/local_credential_store.c
+++ b/src/charon/config/credentials/local_credential_store.c
@@ -618,8 +618,6 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
 cert_status_t status;
 certinfo_t *certinfo = certinfo_create(cert->get_serialNumber(cert));
- certinfo->set_nextUpdate(certinfo, until);
-
 if (pathlen == 0)
 {
 /* add any crl and ocsp uris contained in the certificate under test */
@@ -645,8 +643,14 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
 switch (status)
 {
 case CERT_GOOD:
- /* set nextUpdate */
- cert->set_until(cert, nextUpdate);
+ /* with strict crl policy the public key must have the same
+ * lifetime as the validity of the ocsp status or crl lifetime
+ */
+ if (strict)
+ {
+ cert->set_until(cert, nextUpdate);
+ until = (nextUpdate < until)? nextUpdate : until;
+ }
 /* if status information is stale */
 if (strict && nextUpdate < time(NULL))
@@ -656,12 +660,6 @@ static bool verify(private_local_credential_store_t *this, x509_t *cert, bool *f
 return FALSE;
 }
 DBG1(DBG_CFG, "certificate is good");
-
- /* with strict crl policy the public key must have the same
- * lifetime as the validity of the ocsp status or crl lifetime
- */
- if (strict && nextUpdate < until)
- until = nextUpdate;
 break;
 case CERT_REVOKED:
 {
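Review bot: In the new `if (strict)` block under `case CERT_GOOD:`, `cert->set_until(cert, nextUpdate)` stores the raw `nextUpdate` while the local `until` on the next line takes the smaller of the two values, so the certificate can end up with a later expiry than the bound kept in `until` unless `set_until` clamps internally (not visible here). If the intent is that the public key never outlives either limit, compute the minimum first and pass it on: `until = (nextUpdate < until)? nextUpdate : until;` followed by `cert->set_until(cert, until);`. Both assignments also run before the stale check `if (strict && nextUpdate < time(NULL))`, so a certificate that is about to be rejected has its lifetime rewritten first; moving that check above the block would avoid the side effect. The non-strict path now accepts stale status information without any trace, and a `DBG1` line there would help when auditing why a certificate was trusted. The body of verify() begins and ends outside this hunk.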