During certificate verification in internal_verify() function if certificate signature and not before time are valid certificate is set valid. Subsequent call to verification process then assume signature and not before time valid without check them. If check time changes (decreased) before initial certificate validity the certificate is however assumed valid! I think that is ok to skip signature test (to avoid waste of time) but not before time check must be applied every time.
Francesco Petruzzi [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
