Check not only the notAfter field, but also the notBefore field of certs and CRLs.

mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.

https://github.com/mpeylo/cmpossl/wiki

Other

35 stars 13 forks source link

Check not only the notAfter field, but also the notBefore field of certs and CRLs. #172

Closed DDvO closed 5 years ago

DDvO commented 5 years ago

This is the first chunk extracted from #170. Extends OSSL_CMP_expired() to OSSL_CMP_cmp_timeframe(), checking not only the notAfter field, but also the notBefore field of certs and CRLs.

Checklist

[x] documentation is added or updated
[ ] tests are added or updated

DDvO commented 5 years ago

@Akretsch, can you please take over reviewing this, trying out if it compiles and merging it if all good.