From b619499eb3e01d9dc1647ee74c89dce56f7f87d7 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Sun, 16 Jan 2011 21:40:22 +0000
Subject: [PATCH] - x509parse_time_expired() checks time now in addition to the existing date check
---
 ChangeLog | 4 ++++
 library/x509parse.c | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 86dd340cf..b7d1f8231 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,10 @@ Note: Most of these features have been donated by Fox-IT
 + Added verification callback on certificate chain verification to allow external blacklisting
+Changes
+ * x509parse_time_expired() checks time in addition to
+ the existing date check
+
 = Version 0.14.0 released on 2010-08-16 Features * Added support for SSL_EDH_RSA_AES_128_SHA and
diff --git a/library/x509parse.c b/library/x509parse.c
index 9c46b1c6f..62c29470a 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -2584,6 +2584,27 @@ int x509parse_time_expired( const x509_time *to )
 lt->tm_mday > to->day )
 return( 1 );
+ if( lt->tm_year == to->year - 1900 &&
+ lt->tm_mon == to->mon - 1 &&
+ lt->tm_mday == to->day &&
+ lt->tm_hour > to->hour - 1)
+ return( 1 );
+
+ if( lt->tm_year == to->year - 1900 &&
+ lt->tm_mon == to->mon - 1 &&
+ lt->tm_mday == to->day &&
+ lt->tm_hour == to->hour - 1 &&
+ lt->tm_min > to->min - 1 )
+ return( 1 );
+
+ if( lt->tm_year == to->year - 1900 &&
+ lt->tm_mon == to->mon - 1 &&
+ lt->tm_mday == to->day &&
+ lt->tm_hour == to->hour - 1 &&
+ lt->tm_min == to->min - 1 &&
+ lt->tm_sec > to->sec - 1 )
+ return( 1 );
+
 return( 0 );
 }
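Review bot: The three added conditions in library/x509parse.c subtract 1 from `to->hour`, `to->min` and `to->sec`, but `tm_hour`, `tm_min` and `tm_sec` are zero-based, so the offset that is correct for `tm_mon` (and the 1900 for `tm_year`) does not carry over; this assumes the x509_time fields hold plain clock values, which the hunk does not show. As written, `lt->tm_hour > to->hour - 1` is `tm_hour >= to->hour`, so a certificate is reported expired roughly an hour and a minute before its stated end time, and for the entire final day when `to->hour` is 0. The error fails closed, but it rejects certificates that are still valid, and callers may react by disabling the expiry check. The comparisons should read `lt->tm_hour > to->hour`, then `lt->tm_hour == to->hour && lt->tm_min > to->min`, then `lt->tm_min == to->min && lt->tm_sec > to->sec`. The function starts above the hunk, so whether `lt` is in the same time zone as the certificate's validity fields cannot be checked from here and is worth confirming.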