Skip to content

Commit

Permalink
crypto/x509/pkix: consider now==NextUpdate to be expired.
Browse files Browse the repository at this point in the history 
If the current time is equal to the NextUpdate time, then the CRL
should be considered expired.

Fixes #22568.

Change-Id: I55bcc95c881097e826d43eb816a43b9b377b0265
Reviewed-on: https://go-review.googlesource.com/71972
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
  • Loading branch information
@nhooyr @bradfitz
nhooyr authored and bradfitz committed Nov 6, 2017
1 parent bb98331 commit 03ed6ac
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/crypto/x509/pkix/pkix.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,9 +247,9 @@ type CertificateList struct {
SignatureValue asn1.BitString
}

// HasExpired reports whether now is past the expiry time of certList.
// HasExpired reports whether certList should have been updated by now.
func (certList *CertificateList) HasExpired(now time.Time) bool {
return now.After(certList.TBSCertList.NextUpdate)
return !now.Before(certList.TBSCertList.NextUpdate)
}

// TBSCertificateList represents the ASN.1 structure of the same name. See RFC
Expand Down

0 comments on commit 03ed6ac

Please sign in to comment.