Fix check of date to respect VERIFY_SKIP_DATE in ASN.1 template

DecodeCertInternal was not recognizing VERIFY_SKIP_DATE.
2025-07-30 18:57:27 +02:00 · 2023-07-10 09:10:52 +10:00
parent 770590a3be
commit 52a3d591b5
2 changed files with 6 additions and 3 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -2037,7 +2037,8 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
 #elif defined(NO_RSA)
    ExpectIntEQ(ret, ASN_UNKNOWN_OID_E);
 #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
-      !defined(NO_ASN_TIME)
+      !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \
+      defined(OPENSSL_COMPATIBLE_DEFAULTS)
    ExpectIntEQ(ret, ASN_AFTER_DATE_E);
 #else
    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -20818,7 +20818,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
        i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0)
                ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC
                : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT;
-        if ((CheckDate(&dataASN[i], BEFORE) < 0) && verify) {
+        if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) &&
+                (verify != VERIFY_SKIP_DATE)) {
            badDate = ASN_BEFORE_DATE_E;
        }
        /* Store reference to BEFOREdate. */
@ -20829,7 +20830,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt,
        i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0)
                ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC
                : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT;
-        if ((CheckDate(&dataASN[i], AFTER) < 0) && verify) {
+        if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) &&
+                (verify != VERIFY_SKIP_DATE)) {
            badDate = ASN_AFTER_DATE_E;
        }
        /* Store reference to AFTER date. */