From afbc34f0e03bea0ae83c792b7c35a541876b9a97 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 20 Dec 2012 15:56:57 -0800 Subject: [PATCH] changed polarity on ocsp thisDate check to allow very timely responses --- ctaocrypt/src/asn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 785e49e50..c30263be2 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -4240,7 +4240,8 @@ static int DecodeSingleResponse(byte* source, if (GetBasicDate(source, &idx, cs->thisDate, &cs->thisDateFormat, size) < 0) return ASN_PARSE_E; - if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE)) + /* Check thisDate <= now, or treat thisDate > now as a failure */ + if (ValidateDate(cs->thisDate, cs->thisDateFormat, AFTER)) return ASN_BEFORE_DATE_E; /* The following items are optional. Only check for them if there is more