Reject certs and CRLs from the future

commit: 50a5c53398b5ffc3cc997a8c7d432a025c8de2f3 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 08 10:59:10 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Jul 08 10:59:10 2014 +0200
tree: fc2d276027caa94a1e6fe6274e076b07ebb3f8f0
parent: 0d844dd650536c19c13b67cbad82efcffd6a8d4a [diff] [blame]
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 9cc757b..1dbc40d 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h

@@ -80,6 +80,9 @@
 #define BADCERT_MISSING             0x40  /**< Certificate was missing. */
 #define BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
 #define BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
+#define BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
+#define BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
+
 /* \} name */
 /* \} addtogroup x509_module */
commit	50a5c53398b5ffc3cc997a8c7d432a025c8de2f3	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jul 08 10:59:10 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Jul 08 10:59:10 2014 +0200
tree	fc2d276027caa94a1e6fe6274e076b07ebb3f8f0
parent	0d844dd650536c19c13b67cbad82efcffd6a8d4a [diff] [blame]