Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
First one means we have time() but it may not return the actual wall clock
time, second means it does.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5f620be..9fb870a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -44,6 +44,10 @@
#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 02dd969..3c0fb13 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -67,13 +67,27 @@
/**
* \def MBEDTLS_HAVE_TIME
*
- * System has time.h and time() / localtime() / gettimeofday().
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
*
* Comment if your system does not support time functions
*/
#define MBEDTLS_HAVE_TIME
/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
* \def MBEDTLS_PLATFORM_MEMORY
*
* Enable the memory allocation layer.