From ec0abe4ab567b76ef3c7ef26bdf761753bb3a87f Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Fri, 2 Oct 2009 20:14:09 +0200
Subject: added some notBefore/notAfter debugging info

---
 src/libstrongswan/plugins/x509/x509_ac.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 7ce2800c2..878406a71 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -804,7 +804,19 @@ static bool get_validity(private_x509_ac_t *this, time_t *when,
 	{
 		*not_after = this->notAfter;
 	}
-	return (t >= this->notBefore && t <= this->notAfter);
+	if (t < this->notBefore)
+	{
+		DBG1("attribute certificate is not valid before %T",
+			 this->notBefore, TRUE);
+		return FALSE;
+	}
+	if (t > this->notAfter)
+	{
+		DBG1("attribute certificate expired on %T",
+			 this->notAfter, TRUE);
+		return FALSE;
+	}
+	return TRUE;
 }
 
 /**
-- 
cgit v1.2.3