NSS support for x509 certs

7 unit tests are failing at this point, but they're all TLS-related.
author: Nick Mathewson <nickm@torproject.org> 2018-08-13 14:54:35 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-08-22 16:11:45 -0400
commit: c567b8fcb4e4851d6db19946cce8c4d5e75535f5 (patch)
tree: 8bf8abfe334d38dccdbc40c36ba923e2a676206f /src/lib/tls/x509_openssl.c
parent: 7c5339677fd4d524a95bc8c18af223f710ca94e2 (diff)
download: tor-c567b8fcb4e4851d6db19946cce8c4d5e75535f5.tar.gz
tor-c567b8fcb4e4851d6db19946cce8c4d5e75535f5.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c
index 43bd6b4d48..28a30b66e1 100644
--- a/src/lib/tls/x509_openssl.c
+++ b/src/lib/tls/x509_openssl.c
@@ -319,7 +319,8 @@ tor_tls_cert_is_valid(int severity,
   /* okay, the signature checked out right.  Now let's check the check the
    * lifetime. */
   if (tor_x509_check_cert_lifetime_internal(severity, cert->cert, now,
-                                   48*60*60, 30*24*60*60) < 0)
+                                            TOR_X509_PAST_SLOP,
+                                            TOR_X509_FUTURE_SLOP) < 0)
     goto bad;
 
   cert_key = X509_get_pubkey(cert->cert);
author	Nick Mathewson <nickm@torproject.org>	2018-08-13 14:54:35 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-08-22 16:11:45 -0400
commit	c567b8fcb4e4851d6db19946cce8c4d5e75535f5 (patch)
tree	8bf8abfe334d38dccdbc40c36ba923e2a676206f /src/lib/tls/x509_openssl.c
parent	7c5339677fd4d524a95bc8c18af223f710ca94e2 (diff)
download	tor-c567b8fcb4e4851d6db19946cce8c4d5e75535f5.tar.gz tor-c567b8fcb4e4851d6db19946cce8c4d5e75535f5.zip