diff options
author | Rob Percival <robpercival@google.com> | 2016-09-08 16:02:46 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 16:12:41 -0500 |
commit | 1fa9ffd934429f140edcfbaf76d2f32cc21e449b (patch) | |
tree | 6fb2ae2a0d3e11febb094acc8e3df03621000ab1 /ssl/ssl_lib.c | |
parent | 7b176a549ea374fc9b64c3fa7f0812239528b696 (diff) |
Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a6360accea..b6f701536f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4279,6 +4279,7 @@ int ssl_validate_ct(SSL *s) CT_POLICY_EVAL_CTX_set1_cert(ctx, cert); CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer); CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store); + CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s))); scts = SSL_get0_peer_scts(s); |