diff options
Diffstat (limited to 'src/crypto/tls/common.go')
| -rw-r--r-- | src/crypto/tls/common.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 099a11ca63..65cff5f5b9 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -1846,3 +1846,16 @@ func fipsAllowChain(chain []*x509.Certificate) bool { return true } + +// anyUnexpiredChain reports if at least one of verifiedChains is still +// unexpired. If verifiedChains is empty, it returns false. +func anyUnexpiredChain(verifiedChains [][]*x509.Certificate, now time.Time) bool { + for _, chain := range verifiedChains { + if len(chain) != 0 && !slices.ContainsFunc(chain, func(cert *x509.Certificate) bool { + return now.Before(cert.NotBefore) || now.After(cert.NotAfter) // cert is expired + }) { + return true + } + } + return false +} |