mirror of
https://github.com/cuberite/polarssl.git
synced 2025-08-20 11:06:13 -04:00
fc794ff2b7
Fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set.