From cdcf5fdb30f5810fe75e387e11db7c78bf9ece1f Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <brunoos@inf.ufg.br>
Date: Wed, 23 Jun 2021 13:35:49 -0300
Subject: [PATCH] Off by one in cert:validat(notafter) #173

---
 src/x509.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/x509.c b/src/x509.c
index 929f1f4..0d54926 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -485,10 +485,13 @@ static int meth_digest(lua_State* L)
  */
 static int meth_valid_at(lua_State* L)
 {
+  int nb, na;
   X509* cert = lsec_checkx509(L, 1);
   time_t time = luaL_checkinteger(L, 2);
-  lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time)     >= 0
-                      && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
+  nb = X509_cmp_time(X509_get0_notBefore(cert), &time);
+  time -= 1;
+  na = X509_cmp_time(X509_get0_notAfter(cert),  &time);
+  lua_pushboolean(L, nb == -1 && na == 1);
   return 1;
 }