Why don't we just dump all the hand-calculations of validity and let OpenSSL do the work? E.g.,
```
bool IsValid() {
now = time(NULL)
int day, sec;
if (1 != ASN1_TIME_diff(&day, &sec, cert_expiry_time, NULL)) { return false; } // Error...
return (day > 0 || sec > 0);
}
```
I don't see much value in hand-calculating timezone and DST offsets (which, quite obviously, have some bug somewhere) when there's an OpenSSL API function to do precisely this.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/985#issuecomment-802234959
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
