Reject certs and CRLs from the future

Manuel Pégourié-Gonnard
2014-03-10 13:15:18 +01:00
parent 6304f786e0
commit 9533765b25
5 changed files with 56 additions and 6 deletions

@@ -18,6 +18,7 @@ Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is optional (the
attack was already impossible when authentication is required).
* Check notBefore timestamp of certificates and CRLs from the future.
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
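
Review bot: the added Security entry ("Check notBefore timestamp of certificates and CRLs from the future") does not state the outcome of the check, and its wording reads as though only items already known to be from the future get checked. The commit subject says such certificates and CRLs are rejected, so the entry should say the same, for example "Reject certificates and CRLs whose validity starts in the future (notBefore check)". Since this tightens verification, it would also help to note in the entry that callers may now see failures for inputs that previously verified, such as when the local clock is behind.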