diff options
| author | Roger Dingledine <arma@torproject.org> | 2003-11-11 04:08:30 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2003-11-11 04:08:30 +0000 |
| commit | 3d19a9b514afc65701e0d59820e344b696284a21 (patch) | |
| tree | fda22e8ded235fbfc4fe5898e9a5f3ba72e441f0 | |
| parent | 7bde42676b0e25ed422f842e82169375cd13fc5e (diff) | |
| download | tor-3d19a9b514afc65701e0d59820e344b696284a21.tar.gz tor-3d19a9b514afc65701e0d59820e344b696284a21.zip | |
fix a bug in handling clock skew
svn:r785
| -rw-r--r-- | src/common/tortls.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c index 181e6df7f9..883d99410c 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -518,12 +518,12 @@ tor_tls_verify(tor_tls *tls) return NULL; now = time(NULL); - t = now - CERT_ALLOW_SKEW; + t = now + CERT_ALLOW_SKEW; if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { log_fn(LOG_WARN,"Certificate becomes valid in the future: possible clock skew."); goto done; } - t = now + CERT_ALLOW_SKEW; + t = now - CERT_ALLOW_SKEW; if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { log_fn(LOG_WARN,"Certificate already expired; possible clock skew."); goto done; |