crypto/x509/pkix: consider now==NextUpdate to be expired.

If the current time is equal to the NextUpdate time, then the CRL should be considered expired. Fixes #22568. Change-Id: I55bcc95c881097e826d43eb816a43b9b377b0265 Reviewed-on: https://go-review.googlesource.com/71972Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Filippo Valsorda <hi@filippo.io> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>

crypto/x509/pkix: consider now==NextUpdate to be expired.
If the current time is equal to the NextUpdate time, then the CRL should be considered expired. Fixes #22568. Change-Id: I55bcc95c881097e826d43eb816a43b9b377b0265 Reviewed-on: https://go-review.googlesource.com/71972Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Filippo Valsorda <hi@filippo.io> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
03ed6ac2 · Anmol Sethi · Brad Fitzpatrick · bb983315 · 03ed6ac2
Commit 03ed6ac2 authored Oct 19, 2017 by Anmol Sethi Committed by Brad Fitzpatrick Nov 06, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

src/crypto/x509/pkix/pkix.go src/crypto/x509/pkix/pkix.go +2 -2

No files found.
--- a/src/crypto/x509/pkix/pkix.go
+++ b/src/crypto/x509/pkix/pkix.go
@@ -247,9 +247,9 @@ type CertificateList struct {
 	SignatureValue     asn1.BitString
 }

-// HasExpired reports whether now is past the expiry time of certList.
+// HasExpired reports whether certList should have been updated by now.
 func (certList *CertificateList) HasExpired(now time.Time) bool {
-	return now.After(certList.TBSCertList.NextUpdate)
+	return !now.Before(certList.TBSCertList.NextUpdate)
 }

 // TBSCertificateList represents the ASN.1 structure of the same name. See RFC