Add NO_CHECK_TIME to SSLTest.ECHBuiltinVerifier too

That test cert expires in 2099, which is a ways off but if this code is somehow still around by then, let's save the future some pain. With this fixed, our test all pass at least through the year 3000, so we're hopefully clear of timebombs. Change-Id: Ie9dcbc4f4db70c6bcc1ae9717c6e1ee89eb4195c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55625 Auto-Submit: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com>
open-quantum-safe · Dec 16, 2022 · bb5f146 · bb5f146
1 parent 370e565
commit bb5f146
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
@@ -2397,6 +2397,8 @@ XRqE7XFhHL+7TNC2a9OOAjQsEF137YPWo+rhgko=
   ASSERT_TRUE(X509_STORE_add_cert(store.get(), root.get()));
   SSL_CTX_set_cert_store(client_ctx.get(), store.release());
   SSL_CTX_set_verify(client_ctx.get(), SSL_VERIFY_PEER, nullptr);
+  X509_VERIFY_PARAM_set_flags(SSL_CTX_get0_param(client_ctx.get()),
+                              X509_V_FLAG_NO_CHECK_TIME);
   static const char kSecretName[] = "secret.example";
   ASSERT_TRUE(X509_VERIFY_PARAM_set1_host(SSL_CTX_get0_param(client_ctx.get()),
                                           kSecretName, strlen(kSecretName)));