Why don't we just dump all the hand-calculations of validity and let OpenSSL do the work? E.g., ``` bool IsValid() { now = time(NULL) int day, sec; if (1 != ASN1_TIME_diff(&day, &sec, cert_expiry_time, NULL)) { return false; } // Error... return (day > 0 || sec > 0); } ``` I don't see much value in hand-calculating timezone and DST offsets (which, quite obviously, have some bug somewhere) when there's an OpenSSL API function to do precisely this. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/985#issuecomment-802234959 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1