Split HAVE_TIME into HAVE_TIME + HAVE_TIME_DATE
The first means we have time(), but it may not return the actual wall-clock
time; the second means it does.
diff --git a/ChangeLog b/ChangeLog
index b966832..efd0e03 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -87,6 +87,8 @@
(Thanks to Mansour Moufid for helping with the replacement.)
* Change SSL_DISABLE_RENEGOTIATION config.h flag to SSL_RENEGOTIATION
(support for renegotiation now needs explicit enabling in config.h).
+ * Split MBEDTLS_HAVE_TIME into MBEDTLS_HAVE_TIME and MBEDTLS_HAVE_TIME_DATE
+ in config.h
* net_connect() and net_bind() have a new 'proto' argument to choose
between TCP and UDP, using the macros NET_PROTO_TCP or NET_PROTO_UDP.
* Some constness fixes
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5f620be..9fb870a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -44,6 +44,10 @@
#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
#endif
+#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
+#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#endif
+
#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 02dd969..3c0fb13 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -67,13 +67,27 @@
/**
* \def MBEDTLS_HAVE_TIME
*
- * System has time.h and time() / localtime() / gettimeofday().
+ * System has time.h and time().
+ * The time does not need to be correct, only time differences are used,
+ * by contrast with MBEDTLS_HAVE_TIME_DATE
*
* Comment if your system does not support time functions
*/
#define MBEDTLS_HAVE_TIME
/**
+ * \def MBEDTLS_HAVE_TIME_DATE
+ *
+ * System has time.h and time(), gmtime() and the clock is correct.
+ * The time needs to be correct (not necesarily very accurate, but at least
+ * the date should be correct). This is used to verify the validity period of
+ * X.509 certificates.
+ *
+ * Comment if your system does not have a correct clock.
+ */
+#define MBEDTLS_HAVE_TIME_DATE
+
+/**
* \def MBEDTLS_PLATFORM_MEMORY
*
* Enable the memory allocation layer.
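Review bot: The new MBEDTLS_HAVE_TIME_DATE description says what the option requires but not what happens when it is commented out, and that consequence is security-relevant. In the `#else /* MBEDTLS_HAVE_TIME_DATE */` branch of library/x509.c the visible stub ends in `((void) from); return( 0 );`, so the validity-period helpers appear to report every certificate as inside its validity period when no trusted clock is configured. I would add a line to this doc block such as `* Warning: if this is disabled, certificate validity periods are not checked, so expired or not-yet-valid certificates are accepted.` and put a matching one-line comment above the stubs in x509.c. Separately, "necesarily" in the added text should read "necessarily".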
diff --git a/library/x509.c b/library/x509.c
index 2efa62f..0ca4b4a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -874,11 +874,7 @@
return( 0 );
}
-/*
- * Return 0 if the mbedtls_x509_time is still valid, or 1 otherwise.
- */
-#if defined(MBEDTLS_HAVE_TIME)
-
+#if defined(MBEDTLS_HAVE_TIME_DATE)
static int x509_get_current_time( mbedtls_x509_time *now )
{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
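Review bot: The comment removed just above `#if defined(MBEDTLS_HAVE_TIME_DATE)` is not replaced, so `x509_get_current_time()` now has no description at all. A short header comment saying that it fills `*now` with the current date and time, and what its return value means, would help here, since the certificate validity check depends on this function. The function body continues outside the hunk, so the return convention should be confirmed there before it is written down.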
@@ -982,7 +978,7 @@
return( x509_check_time( from, &now ) );
}
-#else /* MBEDTLS_HAVE_TIME */
+#else /* MBEDTLS_HAVE_TIME_DATE */
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to )
{
@@ -995,7 +991,7 @@
((void) from);
return( 0 );
}
-#endif /* MBEDTLS_HAVE_TIME */
+#endif /* MBEDTLS_HAVE_TIME_DATE */
#if defined(MBEDTLS_SELF_TEST)