aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/x509v3.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/tls/x509v3.c')
-rw-r--r--src/tls/x509v3.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index bc93df6..347f975 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1,6 +1,6 @@
/*
* X.509v3 certificate parsing and processing (RFC 3280 profile)
- * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -1834,7 +1834,7 @@ static int x509_valid_issuer(const struct x509_certificate *cert)
*/
int x509_certificate_chain_validate(struct x509_certificate *trusted,
struct x509_certificate *chain,
- int *reason)
+ int *reason, int disable_time_checks)
{
long unsigned idx;
int chain_trusted = 0;
@@ -1854,10 +1854,11 @@ int x509_certificate_chain_validate(struct x509_certificate *trusted,
if (chain_trusted)
continue;
- if ((unsigned long) now.sec <
- (unsigned long) cert->not_before ||
- (unsigned long) now.sec >
- (unsigned long) cert->not_after) {
+ if (!disable_time_checks &&
+ ((unsigned long) now.sec <
+ (unsigned long) cert->not_before ||
+ (unsigned long) now.sec >
+ (unsigned long) cert->not_after)) {
wpa_printf(MSG_INFO, "X509: Certificate not valid "
"(now=%lu not_before=%lu not_after=%lu)",
now.sec, cert->not_before, cert->not_after);