Use X509_cmp_current_time()

eggheads · Jul 9, 2024 · 3a3dc51 · 3a3dc51
1 parent 486705a
commit 3a3dc51
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/tls.c b/src/tls.c
@@ -111,8 +111,9 @@ static int ssl_seed(void)
 
 void verify_cert_expiry(int idx) {
   X509 *x509;
+
   if ((x509 = SSL_CTX_get0_certificate(ssl_ctx)) &&
-      (ASN1_TIME_cmp_time_t(X509_get0_notAfter(x509), time(NULL)) < 0)) {
+      (X509_cmp_current_time(X509_get_notAfter(x509)) < 0)) {
     if (idx) {
       dprintf(idx, "WARNING: SSL/TLS certificate %s expired\n", tls_certfile);
       dprintf(idx, "You can generate new certificates by running 'make sslcert' from the source directory\n\n");