From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 11 Dec 2011 16:39:25 +0000 (+0000)
Subject: detect and use older PKITS data
X-Git-Tag: master-post-reformat~2047
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=be16cc23c63043e3095a9f6c3bed38f284c5c32b

detect and use older PKITS data
---

diff --git a/test/pkits-test.pl b/test/pkits-test.pl
index 3f8579372b..5c6b89fcdb 100644
--- a/test/pkits-test.pl
+++ b/test/pkits-test.pl
@@ -784,8 +784,15 @@ my $ossl = "ossl/apps/openssl";
 
 my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
 $ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-# Uncomment out following line to use older data (uses Dec 10 00:29:26 2010)
-# $ossl_cmd .= "-attime 1291940972 ";
+
+# Check for expiry of trust anchor
+system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
+if ($? == 256)
+	{
+	print STDERR "WARNING: using older expired data\n";
+	$ossl_cmd .= "-attime 1291940972 ";
+	}
+
 $ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
 
 system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";