Use UTC to heck certificate validity
diff --git a/ChangeLog b/ChangeLog
index 83f1528..0c18ff7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@
* x509_crt_info() now prints information about parsed extensions as well
* pk_verify() now returns a specific error code when the signature is valid
but shorter than the supplied length.
+ * Use UTC time to check certificate validity.
Security
* Avoid potential timing leak in ecdsa_sign() by blinding modular division.
diff --git a/library/x509.c b/library/x509.c
index 57de545..54623a0 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -627,7 +627,7 @@
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
SYSTEMTIME st;
- GetLocalTime(&st);
+ GetSystemTime(&st);
now->year = st.wYear;
now->mon = st.wMonth;
@@ -640,7 +640,7 @@
time_t tt;
tt = time( NULL );
- localtime_r( &tt, < );
+ gmtime_r( &tt, < );
now->year = lt.tm_year + 1900;
now->mon = lt.tm_mon + 1;