
[Users] RE: X509Patch0.9.7 checks validity of cert ?

From: Andreas Steffen (andreas.steffen_at_zhwin.ch)
Date: Thu Jun 27 2002 - 22:28:03 CEST


Hi Markus,

yes, the not-before and not-after dates are checked against the
local time on the FreeS/WAN host (actually the local time is
converted to UTC time before comparison). If the cert is not
valid yet or if the validity has expired then the certificate
and with it the public key is rejected. Since all public keys
are cached by Pluto (see ipsec auto --listpubkeys), the expiration
date of the public key which is equal to the not-after date
of the certificate it was extracted from, is checked shortly
before use. If the validity of the public key has expired then
it is deleted from the chained list of cached keys. Thus it
is not possible to use an expired public key.

Hope this helps

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==
 

> -----Original Message-----
> From: Markus Koellner [mailto:smshomey_at_gmx.de]
> Sent: Thursday, 27 June 2002 22:13
> To: Users FreeSwan IPSec
> Cc: Andreas Steffen
> Subject: X509Patch0.9.7 checks validity of cert ?
>
>
> Hi,
> just a short question without a special example:
>
> I'm using the X509Patch0.9.7 and i would like to know
> whether the patch on the freeswan side checks the time
> and date field within the sent peer certificate
> during the negotiation ?
>
> I know that the serial number of the cert is checked
> against the crl list but is the date ( notbefore-,
> notafter-field ) of the cert checked against the local
> time on the freeswan side whether it is valid ?
>
> I'm talking about the peer cert sent during the negotiation,
> not freeswan's own certificate.
>
> Bye
> Markus
>
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
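As an added illustration of the checks Andreas describes (example code written for this archive page, not code from the FreeS/WAN X.509 patch or Pluto): it decodes the ASN.1 time encodings used by a certificate's validity fields, compares them with host time converted to UTC, and evicts a cached public key whose not-after date has passed at the moment of use. Function names, sample dates and the cache layout are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample validity fields (not taken from the post): X.509 encodes
# them as ASN.1 UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ".
SAMPLE_NOT_BEFORE = "020101000000Z"    # 2002-01-01 00:00:00 UTC
SAMPLE_NOT_AFTER = "20021231235959Z"   # 2002-12-31 23:59:59 UTC

def local_time(y, mo, d, h, mi, s, utc_offset_hours):
    """Build an aware datetime for a host clock running at the given UTC offset."""
    return datetime(y, mo, d, h, mi, s, tzinfo=timezone(timedelta(hours=utc_offset_hours)))

def parse_x509_time(s):
    """Decode UTCTime or GeneralizedTime (Zulu form) into an aware UTC datetime.
    UTCTime two-digit years map to 1950-2049, as RFC 5280 specifies."""
    if not s.endswith("Z"):
        raise ValueError("only Zulu (UTC) time encodings are handled")
    body = s[:-1]
    if len(body) == 12:                      # UTCTime
        yy = int(body[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), body[2:]
    elif len(body) == 14:                    # GeneralizedTime
        year, rest = int(body[:4]), body[4:]
    else:
        raise ValueError("malformed time field: %r" % s)
    return datetime(year, int(rest[0:2]), int(rest[2:4]), int(rest[4:6]),
                    int(rest[6:8]), int(rest[8:10]), tzinfo=timezone.utc)

def cert_time_valid(not_before, not_after, host_now):
    """Host time is converted to UTC before comparing with the validity window."""
    now_utc = host_now.astimezone(timezone.utc)
    return parse_x509_time(not_before) <= now_utc <= parse_x509_time(not_after)

class PubKeyCache:
    """Cached public keys inherit the not-after date of their certificate and
    are evicted when looked up after that date, so an expired key is never used."""
    def __init__(self):
        self._keys = {}

    def add(self, key_id, key, not_after):
        self._keys[key_id] = (key, parse_x509_time(not_after))

    def lookup(self, key_id, host_now):
        entry = self._keys.get(key_id)
        if entry is None:
            return None
        key, expiry = entry
        if host_now.astimezone(timezone.utc) > expiry:
            del self._keys[key_id]           # drop the expired key from the cache
            return None
        return key
```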



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST