DNSName string
Intermediates *CertPool
Roots *CertPool
- CurrentTime int64 // if 0, the current system time is used.
+ CurrentTime time.Time // if zero, the current time is used
}
const (
// isValid performs validity checks on the c.
func (c *Certificate) isValid(certType int, opts *VerifyOptions) error {
- if opts.CurrentTime < c.NotBefore.Seconds() ||
- opts.CurrentTime > c.NotAfter.Seconds() {
+ now := opts.CurrentTime
+ if now.IsZero() {
+ now = time.Now()
+ }
+ if now.Before(c.NotBefore) || now.After(c.NotAfter) {
return CertificateInvalidError{c, Expired}
}
//
// WARNING: this doesn't do any revocation checking.
func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) {
- if opts.CurrentTime == 0 {
- opts.CurrentTime = time.Seconds()
- }
err = c.isValid(leafCertificate, &opts)
if err != nil {
return