aboutsummaryrefslogtreecommitdiffstats
path: root/src/x509stor.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2008-05-02 05:37:28 +0000
committerlloyd <[email protected]>2008-05-02 05:37:28 +0000
commit2088b737da27bf8bf035837ae4ea3e4f3c4b0bc0 (patch)
tree8a89b4a48847dedbfcedd5ecbb6e68dc5b29c8cb /src/x509stor.cpp
parent250cb392d6bdd29adea28b0f9a5562a880656dca (diff)
Remove Config::option_as_time, instead call timespec_to_u32bit in
each caller.
Diffstat (limited to 'src/x509stor.cpp')
-rw-r--r--src/x509stor.cpp23
1 files changed, 13 insertions, 10 deletions
diff --git a/src/x509stor.cpp b/src/x509stor.cpp
index 834fe526b..dcbc31942 100644
--- a/src/x509stor.cpp
+++ b/src/x509stor.cpp
@@ -171,7 +171,12 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const
X509_Store::X509_Store()
{
revoked_info_valid = true;
- time_slack = global_config().option_as_time("x509/validity_slack");
+
+ time_slack = timespec_to_u32bit(
+ global_config().option("x509/validity_slack"));
+
+ validation_cache_timeout = timespec_to_u32bit(
+ global_config().option("x509/cache_verify_results"));
}
/*************************************************
@@ -305,7 +310,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert,
return CERT_ISSUER_NOT_FOUND;
indexes.push_back(parent);
- if(certs[parent].is_verified())
+ if(certs[parent].is_verified(validation_cache_timeout))
if(certs[parent].verify_result() != VERIFIED)
return certs[parent].verify_result();
@@ -334,7 +339,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert,
const u32bit cert = indexes.back();
- if(certs[cert].is_verified())
+ if(certs[cert].is_verified(validation_cache_timeout))
{
if(certs[cert].verify_result() != VERIFIED)
throw Internal_Error("X509_Store::construct_cert_chain");
@@ -359,7 +364,7 @@ X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert,
X509_Code X509_Store::check_sig(const Cert_Info& cert_info,
const Cert_Info& ca_cert_info) const
{
- if(cert_info.is_verified())
+ if(cert_info.is_verified(validation_cache_timeout))
return cert_info.verify_result();
const X509_Certificate& cert = cert_info.cert;
@@ -431,7 +436,8 @@ void X509_Store::recompute_revoked_info() const
for(u32bit j = 0; j != certs.size(); ++j)
{
- if((certs[j].is_verified()) && (certs[j].verify_result() != VERIFIED))
+ if((certs[j].is_verified(validation_cache_timeout)) &&
+ (certs[j].verify_result() != VERIFIED))
continue;
if(is_revoked(certs[j].cert))
@@ -673,19 +679,16 @@ bool X509_Store::Cert_Info::is_trusted() const
/*************************************************
* Check if this certificate has been verified *
*************************************************/
-bool X509_Store::Cert_Info::is_verified() const
+bool X509_Store::Cert_Info::is_verified(u32bit timeout) const
{
if(!checked)
return false;
if(result != VERIFIED && result != CERT_NOT_YET_VALID)
return true;
- const u32bit CACHE_TIME =
- global_config().option_as_time("x509/cache_verify_results");
-
const u64bit current_time = system_time();
- if(current_time > last_checked + CACHE_TIME)
+ if(current_time > last_checked + timeout)
checked = false;
return checked;