Security
* When checking X.509 CRLs, a certificate was only considered as revoked if
its revocationDate was in the past according to the local clock, where one
was available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
certificates were never considered as revoked. On builds with
MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
example, an untrusted OS attacking a secure enclave) could prevent
revocation of certificates via CRLs. Fixed by no longer checking the
revocationDate field, in accordance with RFC 5280. Reported by
yuemonangong in #3340. Reported independently and fixed by
Raoul Strackx and Jethro Beekman in #3433.
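
A simplified model of the check described in this entry, before and after the fix. This is an added example, not Mbed TLS code: the crl_entry type, the function names and the sample serial numbers and dates are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical simplified CRL entry (not Mbed TLS's own type). */
typedef struct crl_entry {
    const unsigned char *serial;
    size_t serial_len;
    time_t revocation_date;          /* revocationDate from the CRL */
    const struct crl_entry *next;
} crl_entry;

static const crl_entry *find_serial(const crl_entry *e, const unsigned char *s, size_t n)
{
    for (; e != NULL; e = e->next)
        if (e->serial_len == n && memcmp(e->serial, s, n) == 0)
            return e;
    return NULL;
}

/* Pre-fix logic: a listed serial counts as revoked only if its revocationDate
 * is in the past per the local clock. have_time == 0 models a build without
 * MBEDTLS_HAVE_TIME_DATE, where nothing was ever treated as revoked. */
int is_revoked_old(const crl_entry *crl, const unsigned char *s, size_t n,
                   int have_time, time_t local_now)
{
    const crl_entry *e = find_serial(crl, s, n);
    if (e == NULL || !have_time)
        return 0;
    return e->revocation_date < local_now;
}

/* Fixed logic: a serial listed in the CRL is revoked, whatever the clock says. */
int is_revoked_fixed(const crl_entry *crl, const unsigned char *s, size_t n)
{
    return find_serial(crl, s, n) != NULL;
}

/* Constructed sample data: two revoked serials with made-up dates. */
static const unsigned char SERIAL_A[] = { 0x01, 0xA4, 0x2F };
static const unsigned char SERIAL_B[] = { 0x7C };
static const crl_entry ENTRY_B = { SERIAL_B, sizeof SERIAL_B, 1500000000, NULL };
static const crl_entry SAMPLE_CRL = { SERIAL_A, sizeof SERIAL_A, 1600000000, &ENTRY_B };

int main(void)
{
    /* Local clock set before both revocation dates. */
    printf("old: %d\n", is_revoked_old(&SAMPLE_CRL, SERIAL_A, sizeof SERIAL_A, 1, 1000000000));
    printf("fixed: %d\n", is_revoked_fixed(&SAMPLE_CRL, SERIAL_A, sizeof SERIAL_A));
    return 0;
}
```

With the old logic the result depends on an input the verifier may not control (the clock); with the fixed logic it depends only on the CRL contents.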