-rw-r--r-- | rpkid/rpki/exceptions.py | 5 | ||||
-rw-r--r-- | rpkid/rpki/x509.py | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/rpkid/rpki/exceptions.py b/rpkid/rpki/exceptions.py
index f57c679d..b1948337 100644
--- a/rpkid/rpki/exceptions.py
+++ b/rpkid/rpki/exceptions.py
@@ -326,3 +326,8 @@ class CommandParseFailure(RPKI_Exception):
 """
 Failed to parse command line.
 """
+
+class CMSCertHasExpired(RPKI_Exception):
+ """
+ CMS certificate has expired.
+ """
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 00c7c448..3b64c907 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -956,6 +956,11 @@ class CMS_object(DER_object):
 if len(crls) > 1:
 raise rpki.exceptions.UnexpectedCMSCRLs # , crls
+ now = rpki.sundial.now()
+ for x in certs:
+ if x.getNotAfter() < now:
+ raise rpki.exceptions.CMSCertHasExpired # , x
+
 try:
 content = cms.verify(store)
 except (rpki.async.ExitNow, SystemExit): |
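Review bot: The added loop in the x509.py hunk covers only one end of the validity window: it rejects a certificate whose notAfter has passed, but none of the added lines looks at notBefore, so a certificate that is not yet valid is stopped only if `cms.verify(store)` enforces the window itself, which this hunk does not show. The raise also discards the offending certificate (`# , x` is commented out), so a rejected message leaves nothing to tell an operator which certificate expired or when; carrying `x.getNotAfter()` or the subject into the exception or a log line would make these rejections triageable. Every entry in `certs` is tested, so if that list can hold more than the signing certificate, an expired extra certificate rejects an otherwise valid message; that fail-closed choice deserves a comment such as `# Reject if any cert carried in the CMS has expired; notBefore is left to cms.verify()`, with the second half corrected to whatever verify really does. The enclosing method starts and ends outside the hunk, so how `certs` is populated could not be checked here.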