Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / c55524ad84d13014e8019491c2b17e5dcf13545a^! / . / src / tls / x509v3.c
commitc55524ad84d13014e8019491c2b17e5dcf13545a[log] [tgz]
authorDmitry Shmidt <dimitrysh@google.com>Thu Jul 07 11:18:38 2011 -0700
committerDmitry Shmidt <dimitrysh@google.com>Thu Jul 07 11:23:25 2011 -0700
tree3c1a0f04ed12cadca7312b1b6f3f0c0caa6018ca
parent13970b010f3e5b274336677311a5586410ecc8fa [diff] [blame]
Accumulative patch from commit 8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Fix D-Bus build without CONFIG_P2P=y
nl80211: Allow AP mode to be started without monitor interface
nl80211: Process association/disassociation events in AP mode
DBus/P2P: Adding decl for PersistentGroupRemoved signal
DBus/P2P: Rectified type of SecondaryDeviceTypes in device property Get
P2P: Only call dev_lost() for devices that have been dev_found()
wpa_cli: Add missing parameter for P2P_GROUP_ADD command
wpa_supplicant: Respect PKG_CONFIG variable if set in the environment
TLS: Add support for tls_disable_time_checks=1 in client mode
hostapd: Clear keys configured when hostapd reloads configuration
Add dbus signal for information about server certification
Move peer certificate wpa_msg() calls to notify.c
wpa_supplicant AP: Disable AP mode on disassoc paths
wpa_s AP mode: Enable HT20 if driver supports it
Allow PMKSA caching to be disabled on Authenticator
FT: Disable PMKSA cache for FT-IEEE8021X
FT: Clear SME ft_used/ft_ies when disconnecting
	8fd0f0f323a922aa88ec720ee524f7105d3b0f64

Change-Id: I6ae333196c36ffa7589662d5269fabfc3b994605
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index bc93df6..347f975 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c

@@ -1,6 +1,6 @@
 /*
  * X.509v3 certificate parsing and processing (RFC 3280 profile)
- * Copyright (c) 2006-2007, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -1834,7 +1834,7 @@
  */
 int x509_certificate_chain_validate(struct x509_certificate *trusted,
 				    struct x509_certificate *chain,
-				    int *reason)
+				    int *reason, int disable_time_checks)
 {
 	long unsigned idx;
 	int chain_trusted = 0;
@@ -1854,10 +1854,11 @@
 		if (chain_trusted)
 			continue;
 
-		if ((unsigned long) now.sec <
-		    (unsigned long) cert->not_before ||
-		    (unsigned long) now.sec >
-		    (unsigned long) cert->not_after) {
+		if (!disable_time_checks &&
+		    ((unsigned long) now.sec <
+		     (unsigned long) cert->not_before ||
+		     (unsigned long) now.sec >
+		     (unsigned long) cert->not_after)) {
 			wpa_printf(MSG_INFO, "X509: Certificate not valid "
 				   "(now=%lu not_before=%lu not_after=%lu)",
 				   now.sec, cert->not_before, cert->not_after);