Fix CRL time comparison. (3dc160e9) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/x509/x509_vfy.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -1130,7 +1130,11 @@ static int get_crl_sk(X509_STORE_CTX ctx, X509_CRL pcrl, X509_CRL *pdcrl,
		if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
		X509_CRL_get_lastUpdate(crl)) == 0)
		continue;
		if (day < 0 \|\| sec <= 0)
		/*
		* ASN1_TIME_diff never returns inconsistent signs for \|day\|
		* and \|sec\|.
		*/
		if (day <= 0 && sec <= 0)
		continue;
		}
		best_crl = crl;