summaryrefslogtreecommitdiffstats
path: root/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
index 4d23cbfb94..fafcf1ba85 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Verify.c
@@ -569,9 +569,10 @@ Pkcs7Verify (
//
// Allow partial certificate chains, terminated by a non-self-signed but
- // still trusted intermediate certificate.
+ // still trusted intermediate certificate. Also disable time checks.
//
- X509_STORE_set_flags (CertStore, X509_V_FLAG_PARTIAL_CHAIN);
+ X509_STORE_set_flags (CertStore,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME);
//
// OpenSSL PKCS7 Verification by default checks for SMIME (email signing) and
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-27 13:06:14 +0000