Check that the CMS signing-time isn't after the X.509 notAfter
author job <job@openbsd.org>
Mon, 13 Mar 2023 19:46:55 +0000 (19:46 +0000)
committer job <job@openbsd.org>
Mon, 13 Mar 2023 19:46:55 +0000 (19:46 +0000)
commit db13aa11f3bc16a0cd89fc826599dd04a111dc0d
tree b1849c0f29b5c4adc1b9e6439b8c5cce13a0df5a
parent 3b3ae6ad563892d551b7794da23eb0a50b328591
Check that the CMS signing-time isn't after the X.509 notAfter

The CMS signing-time is the purported 'now' from the perspective of the
issuer. It doesn't make sense for an issuer to sign objects that have a
validity window that falls entirely in the past (from the perspective of
the signer). Although CMS signing-time is not a trusted timestamp, it
should never be after X.509 notAfter.

OK tb@
usr.sbin/rpki-client/cms.c