Merge duplicated checks between child() and top()
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 3e1877f..899660f 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2027,18 +2027,6 @@
(void) self_cnt;
- if( mbedtls_x509_time_is_past( &child->valid_to ) )
- *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
- if( mbedtls_x509_time_is_future( &child->valid_from ) )
- *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
- if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
- if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
/* Special case #1: no root, stop here */
if( trust_ca == NULL )
{
@@ -2114,6 +2102,18 @@
mbedtls_x509_crt *parent;
uint32_t parent_flags = 0;
+ if( mbedtls_x509_time_is_past( &child->valid_to ) )
+ *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
+
+ if( mbedtls_x509_time_is_future( &child->valid_from ) )
+ *flags |= MBEDTLS_X509_BADCERT_FUTURE;
+
+ if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
+
+ if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
+ *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
+
/* Look for a parent in trusted CAs */
parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt );
@@ -2146,18 +2146,6 @@
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
- if( mbedtls_x509_time_is_past( &child->valid_to ) )
- *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
-
- if( mbedtls_x509_time_is_future( &child->valid_from ) )
- *flags |= MBEDTLS_X509_BADCERT_FUTURE;
-
- if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_MD;
-
- if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
- *flags |= MBEDTLS_X509_BADCERT_BAD_PK;
-
if( x509_crt_check_signature( child, parent ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;