Verify OCSP certificate by producedat time

metsma · metsma · commit a7a7f5a2fabe · 2015-06-15T12:26:38.000+03:00
IB-3995
diff --git a/src/crypto/OCSP.cpp b/src/crypto/OCSP.cpp
@@ -24,6 +24,7 @@
 #include "Conf.h"
 #include "crypto/OpenSSLHelpers.h"
 #include "crypto/X509CertStore.h"
+#include "util/DateTime.h"
 
 #include <algorithm>
 
@@ -442,6 +443,10 @@ void OCSP::verifyResponse(const X509Cert &cert) const
         }
     });
 
+    tm t = util::date::ASN1TimeToTM(producedAt());
+    X509_VERIFY_PARAM_set_time(store->param, util::date::mkgmtime(t));
+    X509_STORE_set_flags(store.get(), X509_V_FLAG_USE_CHECK_TIME);
+
     //X509_STORE_set_trust(store.get(), X509_TRUST_TRUSTED);
     //X509_STORE_set_purpose(store.get(), NID_OCSP_sign);
 
diff --git a/src/util/DateTime.cpp b/src/util/DateTime.cpp
@@ -127,7 +127,11 @@ time_t digidoc::util::date::string2time_t(const string &time)
         ,0
 #endif
     };
+    return mkgmtime(t);
+}
 
+time_t digidoc::util::date::mkgmtime(struct tm &t)
+{
 #ifdef _WIN32
     return _mkgmtime(&t);
 #else
diff --git a/src/util/DateTime.h b/src/util/DateTime.h
@@ -30,6 +30,7 @@ namespace digidoc
     {
         namespace date
         {
+            time_t mkgmtime(struct tm &t);
             tm ASN1TimeToTM(const std::string &date);
             std::string xsd2string(const xml_schema::DateTime &time);
             time_t string2time_t(const std::string &time);

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ namespace digidoc`
`30`	`30`	`{`
`31`	`31`	`namespace date`
`32`	`32`	`{`
	`33`	`+ time_t mkgmtime(struct tm &t);`
`33`	`34`	`tm ASN1TimeToTM(const std::string &date);`
`34`	`35`	`std::string xsd2string(const xml_schema::DateTime &time);`
`35`	`36`	`time_t string2time_t(const std::string &time);`