1
0
mirror of https://github.com/golang/go synced 2024-11-19 18:54:41 -07:00

crypto/x509/pkix: consider now==NextUpdate to be expired.

If the current time is equal to the NextUpdate time, then the CRL
should be considered expired.

Fixes #22568.

Change-Id: I55bcc95c881097e826d43eb816a43b9b377b0265
Reviewed-on: https://go-review.googlesource.com/71972
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
Anmol Sethi 2017-10-19 18:29:43 -04:00 committed by Brad Fitzpatrick
parent bb98331555
commit 03ed6ac2dc

View File

@ -247,9 +247,9 @@ type CertificateList struct {
SignatureValue asn1.BitString SignatureValue asn1.BitString
} }
// HasExpired reports whether now is past the expiry time of certList. // HasExpired reports whether certList should have been updated by now.
func (certList *CertificateList) HasExpired(now time.Time) bool { func (certList *CertificateList) HasExpired(now time.Time) bool {
return now.After(certList.TBSCertList.NextUpdate) return !now.Before(certList.TBSCertList.NextUpdate)
} }
// TBSCertificateList represents the ASN.1 structure of the same name. See RFC // TBSCertificateList represents the ASN.1 structure of the same name. See RFC