glib-networking certificate activation time

From: Jay Bhaskar <jay bhaskar yahoo com>
To: "libsoup-list gnome org" <libsoup-list gnome org>
Subject: glib-networking certificate activation time
Date: Thu, 14 Mar 2019 02:47:59 +0000 (UTC)

Hi,

I have a doubt about G_TLS_CERTIFICATE_NOT_ACTIVATED flags from glib-networking.

static GTlsCertificateFlags
double_check_before_after_dates (GTlsCertificateGnutls *chain)
{
GTlsCertificateFlags gtls_flags = 0;
gnutls_x509_crt_t cert;
time_t t, now;

now = time (NULL);
while (chain)
    {
      cert = g_tls_certificate_gnutls_get_cert (chain);
      t = gnutls_x509_crt_get_activation_time (cert);
      if (t == (time_t) -1 || t > now)
        gtls_flags |= G_TLS_CERTIFICATE_NOT_ACTIVATED;

--------------------------------------

if system time time_t gives wrong time like 1 jan 1970, will the ssl handshake fails. what could be security issue if we would ignore this flags to be set.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]