authorGrégoire Duchêne <gduchene@awhk.org>2020-05-23 10:42:38 +0100
committerGrégoire Duchêne <gduchene@awhk.org>2020-05-23 10:42:38 +0100
commit904f357b8180bbe92dc9880ddb8a0f97922ea32d (patch)
tree691e92db4f1ad0475b80e158628667e6f9d6647f
parented08e75cd73de0f87407062858b43813fe3c1c02 (diff)
Check that the certificate lifetime is valid
-rw-r--r--main.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/main.go b/main.go
index 590aff2..affb784 100644
--- a/main.go
+++ b/main.go
@@ -233,11 +233,18 @@ func main() {
log.Fatalln("error: could not parse the CA certificate:", err)
}
}
+ if tmpl.NotBefore.Before(parentCert.NotBefore) {
+ log.Fatalf("error: certificate starts before (%v) its parent (%v)",
+ tmpl.NotBefore, parentCert.NotBefore)
+ }
+ if tmpl.NotAfter.After(parentCert.NotAfter) {
+ log.Fatalf("error: certificate expires after (%v) its parent (%v)",
+ tmpl.NotAfter, parentCert.NotAfter)
+ }
cert, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
if err != nil {
log.Fatalln("error: could not generate the certificate:", err)
}
-
keyOut, err := os.OpenFile(out+".key", os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
if err != nil {
log.Fatalln("error: could not create the private key:", err)
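Review bot: An inverted validity window still passes both new checks. A template whose `NotAfter` precedes its own `NotBefore` can sit entirely inside the parent's window, so neither `log.Fatalf` fires and the tool issues a certificate that can never be valid. Unless the template's dates are already ordered earlier in `main` (not visible in this hunk), add `if tmpl.NotAfter.Before(tmpl.NotBefore) { log.Fatalf("error: certificate expires (%v) before it starts (%v)", tmpl.NotAfter, tmpl.NotBefore) }` next to the two parent comparisons. A short comment such as `// The validity period must nest inside the issuer's; CreateCertificate is not relied on to check this.` would also record why the checks exist. `main` begins and ends outside the hunk.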