From 7918bbe7fc4c704ef79ebd2fb58871cb3fa8c3f6 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Mon, 26 May 2008 15:11:00 +0200
Subject: fixed wrong cert expiration date check

---
 runtime/nsd_gtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'runtime')

diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 5c82d082..76f37c94 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -828,7 +828,7 @@ gtlsChkPeerCertValidity(nsd_gtls_t *pThis)
 		ttCert = gnutls_x509_crt_get_expiration_time(cert);
 		if(ttCert == -1)
 			ABORT_FINALIZE(RS_RET_TLS_CERT_ERR);
-		else if(ttCert > ttNow) {
+		else if(ttCert < ttNow) {
 			errmsg.LogError(NO_ERRCODE, "not permitted to talk to peer: certificate %d expired", i);
 			gtlsGetCertInfo(pThis, &pStr);
 			errmsg.LogError(NO_ERRCODE, "info on invalid cert: %s", rsCStrGetSzStr(pStr));
-- 
cgit