From a91a1f9e16c7aa09a79dd8de5916b9dd0b65cb5c Mon Sep 17 00:00:00 2001
From: Matthew Miller <matthew@millerti.me>
Date: Fri, 12 Jun 2020 23:49:54 -0700
Subject: Refresh “now” before checking notAfter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/server/src/attestation/verifications/verifyPacked.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'packages/server/src')

diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 3c32b16..d652d68 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -70,11 +70,12 @@ export default function verifyAttestationPacked(options: Options): boolean {
       throw new Error('Certificate version was not `3` (ASN.1 value of 2) (Packed|Full)');
     }
 
-    const now = new Date();
+    let now = new Date();
     if (notBefore > now) {
       throw new Error(`Certificate not good before "${notBefore.toString()}"`);
     }
 
+    now = new Date();
     if (notAfter < now) {
       throw new Error(`Certificate not good after "${notAfter.toString()}"`);
     }
-- 
cgit v1.2.3