-@@ -1653,6 +1653,10 @@\r
- \r
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
- {\r
-+#ifdef OPENSSL_SYS_UEFI\r
-+ /* Bypass Certificate Time Checking for UEFI version. */\r
-+ return 1;\r
-+#else\r
- time_t *ptime;\r
- int i;\r
- \r
-@@ -1692,6 +1696,7 @@\r
- }\r
- \r
- return 1;\r
-+#endif\r
- }\r
- \r
- static int internal_verify(X509_STORE_CTX *ctx)\r
+@@ -935,6 +935,8 @@\r
+ ctx->current_crl = crl;\r
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+ ptime = &ctx->param->check_time;\r
++ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++ return 1;\r
+ else\r
+ ptime = NULL;\r
+ \r
+@@ -1658,6 +1660,8 @@\r
+ \r
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)\r
+ ptime = &ctx->param->check_time;\r
++ else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)\r
++ return 1;\r
+ else\r
+ ptime = NULL;\r
+ \r
+diff U3 crypto/x509/x509_vfy.h crypto/x509/x509_vfy.h\r
+--- crypto/x509/x509_vfy.h Thu Jul 09 19:57:16 2015\r
++++ crypto/x509/x509_vfy.h Thu Oct 29 14:05:57 2015\r
+@@ -438,6 +438,8 @@\r
+ * will force the behaviour to match that of previous versions.\r
+ */\r
+ # define X509_V_FLAG_NO_ALT_CHAINS 0x100000\r
++/* Do not check certificate/CRL validity against current time */\r
++# define X509_V_FLAG_NO_CHECK_TIME 0x200000\r
+ \r
+ # define X509_VP_FLAG_DEFAULT 0x1\r
+ # define X509_VP_FLAG_OVERWRITE 0x2\r
projects / mirror_edk2.git / commitdiff