Verify OCSP certificate by producedat time

IB-3995

src/crypto/OCSP.cpp

@@ -24,6 +24,7 @@
 #include "Conf.h"
 #include "crypto/OpenSSLHelpers.h"
 #include "crypto/X509CertStore.h"
+#include "util/DateTime.h"
 
 #include <algorithm>
 
@@ -442,6 +443,10 @@ void OCSP::verifyResponse(const X509Cert &cert) const
         }
     });
 
+    tm t = util::date::ASN1TimeToTM(producedAt());
+    X509_VERIFY_PARAM_set_time(store->param, util::date::mkgmtime(t));
+    X509_STORE_set_flags(store.get(), X509_V_FLAG_USE_CHECK_TIME);
+
     //X509_STORE_set_trust(store.get(), X509_TRUST_TRUSTED);
     //X509_STORE_set_purpose(store.get(), NID_OCSP_sign);
 

src/util/DateTime.cpp

@@ -127,7 +127,11 @@ time_t digidoc::util::date::string2time_t(const string &time)
         ,0
 #endif
     };
+    return mkgmtime(t);
+}
 
+time_t digidoc::util::date::mkgmtime(struct tm &t)
+{
 #ifdef _WIN32
     return _mkgmtime(&t);
 #else

src/util/DateTime.h

@@ -30,6 +30,7 @@ namespace digidoc
     {
         namespace date
         {
+            time_t mkgmtime(struct tm &t);
             tm ASN1TimeToTM(const std::string &date);
             std::string xsd2string(const xml_schema::DateTime &time);
             time_t string2time_t(const std::string &time);