Check that SCT timestamps are not in the future

Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1554)
author: Rob Percival <robpercival@google.com> 2016-09-08 16:02:46 +0100
committer: Rich Salz <rsalz@openssl.org> 2016-11-15 16:12:41 -0500
commit: 1fa9ffd934429f140edcfbaf76d2f32cc21e449b (patch)
tree: 6fb2ae2a0d3e11febb094acc8e3df03621000ab1 /ssl/ssl_lib.c
parent: 7b176a549ea374fc9b64c3fa7f0812239528b696 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a6360accea..b6f701536f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4279,6 +4279,7 @@ int ssl_validate_ct(SSL *s)
     CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
     CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
     CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+    CT_POLICY_EVAL_CTX_set_time(ctx, SSL_SESSION_get_time(SSL_get0_session(s)));
 
     scts = SSL_get0_peer_scts(s);
author	Rob Percival <robpercival@google.com>	2016-09-08 16:02:46 +0100
committer	Rich Salz <rsalz@openssl.org>	2016-11-15 16:12:41 -0500
commit	1fa9ffd934429f140edcfbaf76d2f32cc21e449b (patch)
tree	6fb2ae2a0d3e11febb094acc8e3df03621000ab1 /ssl/ssl_lib.c
parent	7b176a549ea374fc9b64c3fa7f0812239528b696 (diff)