Reject certificates with times not in UTC

commit: 9655e4597a2248c881eb9c1828b7169153d3eeb7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Apr 11 12:29:49 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 11 13:59:36 2014 +0200
tree: b9938b7bc523b51515c8db0e7ed3ea4b6dda3cf5
parent: 0776a437885cc28671c55862ee8e7631d9919476 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 0c18ff7..694cfc3 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -17,6 +17,7 @@
    * pk_verify() now returns a specific error code when the signature is valid
      but shorter than the supplied length.
    * Use UTC time to check certificate validity.
+   * Reject certificates with times not in UTC, per RFC 5280.
 
 Security
    * Avoid potential timing leak in ecdsa_sign() by blinding modular division.
commit	9655e4597a2248c881eb9c1828b7169153d3eeb7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Apr 11 12:29:49 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 11 13:59:36 2014 +0200
tree	b9938b7bc523b51515c8db0e7ed3ea4b6dda3cf5
parent	0776a437885cc28671c55862ee8e7631d9919476 [diff] [blame]