Add NO_CHECK_TIME to SSLTest.ECHBuiltinVerifier too

That test cert expires in 2099, which is a ways off but if this code is somehow still around by then, let's save the future some pain. With this fixed, our test all pass at least through the year 3000, so we're hopefully clear of timebombs. Change-Id: Ie9dcbc4f4db70c6bcc1ae9717c6e1ee89eb4195c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55625 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com>
2 years ago · c7b255e5bb
parent 29723828ec
commit c7b255e5bb
1 changed files with 2 additions and 0 deletions
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@ -2267,6 +2267,8 @@ XRqE7XFhHL+7TNC2a9OOAjQsEF137YPWo+rhgko=
  ASSERT_TRUE(X509_STORE_add_cert(store.get(), root.get()));
  SSL_CTX_set_cert_store(client_ctx.get(), store.release());
  SSL_CTX_set_verify(client_ctx.get(), SSL_VERIFY_PEER, nullptr);
+  X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(client_ctx.get()),
+                              X509_V_FLAG_NO_CHECK_TIME);
  static const char kSecretName[] = "secret.example";
  ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(SSL_CTX_get0_param(client_ctx.get()),
                                          kSecretName, strlen(kSecretName)));