X-Git-Url: https://git.librecmc.org/?p=oweals%2Fucert.git;a=blobdiff_plain;f=ucert.c;h=6762ed8ae07fcb5e959e081ff93e6aedde307b4a;hp=d5652e8510e862af845ba01b57f0179f6e506a5a;hb=0ac1d402db62c287e7bb4b71293cbaea37b9f81c;hpb=8e91520771a7e0c86690e14443672a68818101e2

diff --git a/ucert.c b/ucert.c
index d5652e8..6762ed8 100644
--- a/ucert.c
+++ b/ucert.c
@@ -250,6 +250,7 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
 	char extsigfile[256] = {0};
 	int ret = 1;
 	int checkmsg = 0;
+	struct timeval tv;
 
 	if (mkdtemp(tmpdir) == NULL)
 		return errno;
@@ -257,10 +258,11 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
 	if (msgfile)
 		checkmsg = -1;
 
+	gettimeofday(&tv, NULL);
+
 	list_for_each_entry(cobj, chain, list) {
 		/* blob has payload, verify that using signature */
 		if (cobj->cert[CERT_ATTR_PAYLOAD]) {
-			struct timeval tv;
 			uint64_t validfrom;
 			uint64_t expiresat;
 			uint32_t certtype;
@@ -306,7 +308,6 @@ static int chain_verify(const char *msgfile, const char *pubkeyfile,
 				goto clean_and_return;
 			}
 
-			gettimeofday(&tv, NULL);
 			if (tv.tv_sec < validfrom ||
 			    tv.tv_sec >= expiresat) {
 				ret = 3;
@@ -409,7 +410,6 @@ static int cert_issue(const char *certfile, const char *pubkeyfile, const char *
 	struct blob_buf certbuf;
 	struct blob_buf payloadbuf;
 	struct timeval tv;
-	struct stat st;
 	int pklen, siglen;
 	int revoker = 1;
 	void *c;
@@ -512,6 +512,8 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
 		return 1;
 	}
 
+	gettimeofday(&tv, NULL);
+
 	list_for_each_entry(cobj, &certchain, list) {
 		if (!cobj->cert[CERT_ATTR_PAYLOAD])
 			return 2;
@@ -556,7 +558,6 @@ static int cert_process_revoker(const char *certfile, const char *pubkeydir) {
 			return 2;
 		}
 
-		gettimeofday(&tv, NULL);
 		if (tv.tv_sec < validfrom) {
 			return 3;
 		}