From f48de9579f562bd28fefb60925321eda9bc58530 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Tue, 8 Jul 2014 14:39:41 +0200
Subject: [PATCH] Use UTC to heck certificate validity

---
 ChangeLog           | 1 +
 library/x509parse.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bb08fcd41..8c064ad4b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@ Changes
    * Work around a bug of the version of Clang shipped by Apple with Mavericks
      that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
    * Improvements to tests/Makefile, contributed by Oden Eriksson.
+   * Use UTC time to check certificate validity.
 
 Security
    * Forbid change of server certificate during renegotiation to prevent
diff --git a/library/x509parse.c b/library/x509parse.c
index 085a3cfe8..f3e783152 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3083,7 +3083,7 @@ static void x509_get_current_time( x509_time *now )
 #if defined(_WIN32)
     SYSTEMTIME st;
 
-    GetLocalTime(&st);
+    GetSystemTime(&st);
 
     now->year = st.wYear;
     now->mon = st.wMonth;
@@ -3096,7 +3096,7 @@ static void x509_get_current_time( x509_time *now )
     time_t tt;
 
     tt = time( NULL );
-    localtime_r( &tt, &lt );
+    gmtime_r( &tt, &lt );
 
     now->year = lt.tm_year + 1900;
     now->mon = lt.tm_mon + 1;