BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback

In the OCSP response callback, instead of using the actual date of the
system, the scheduler's 'now' timer is used when checking a response's
validity.

This patch can be backported to all stable versions.

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 9ad81b2..9e50799 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -160,7 +160,7 @@ int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
        if (!ocsp ||
            !ocsp->response.area ||
            !ocsp->response.data ||
-           (ocsp->expire < now.tv_sec))
+           (ocsp->expire < date.tv_sec))
                return SSL_TLSEXT_ERR_NOACK;
 
        ssl_buf = OPENSSL_malloc(ocsp->response.data);