зеркало из https://github.com/mozilla/pjs.git
Use "slop time" in nextUpdate validity check for CRLs. Bug 242146.
r=julien.pierre
This commit is contained in:
Родитель
df07cea047
Коммит
9dc64ba0b2
|
@ -38,7 +38,7 @@
|
||||||
* Implementation of OCSP services, for both client and server.
|
* Implementation of OCSP services, for both client and server.
|
||||||
* (XXX, really, mostly just for client right now, but intended to do both.)
|
* (XXX, really, mostly just for client right now, but intended to do both.)
|
||||||
*
|
*
|
||||||
* $Id: ocsp.c,v 1.19 2004-04-25 15:03:03 gerv%gerv.net Exp $
|
* $Id: ocsp.c,v 1.20 2004-05-22 01:03:26 nelsonb%netscape.com Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "prerror.h"
|
#include "prerror.h"
|
||||||
|
@ -2992,8 +2992,9 @@ ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
|
||||||
/* allow slop time for future response */
|
/* allow slop time for future response */
|
||||||
LL_UI2L(tmstamp, ocspsloptime); /* get slop time in seconds */
|
LL_UI2L(tmstamp, ocspsloptime); /* get slop time in seconds */
|
||||||
LL_UI2L(tmp, PR_USEC_PER_SEC);
|
LL_UI2L(tmp, PR_USEC_PER_SEC);
|
||||||
LL_MUL(tmstamp, tmstamp, tmp); /* convert the slop time to PRTime */
|
LL_MUL(tmp, tmstamp, tmp); /* convert the slop time to PRTime */
|
||||||
LL_ADD(tmstamp, tmstamp, now); /* add current time to it */
|
LL_ADD(tmstamp, tmp, now); /* add current time to it */
|
||||||
|
|
||||||
if (LL_CMP(thisUpdate, >, tmstamp) || LL_CMP(producedAt, <, thisUpdate)) {
|
if (LL_CMP(thisUpdate, >, tmstamp) || LL_CMP(producedAt, <, thisUpdate)) {
|
||||||
PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
|
PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
|
||||||
return SECFailure;
|
return SECFailure;
|
||||||
|
@ -3003,7 +3004,8 @@ ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
|
||||||
if (rv != SECSuccess)
|
if (rv != SECSuccess)
|
||||||
return rv;
|
return rv;
|
||||||
|
|
||||||
if (LL_CMP(nextUpdate, <, now) || LL_CMP(producedAt, >, nextUpdate)) {
|
LL_ADD(tmp, tmp, nextUpdate);
|
||||||
|
if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate)) {
|
||||||
PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
|
PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
|
||||||
return SECFailure;
|
return SECFailure;
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче