From: Adam Langley <agl@golang.org>
Date: Mon, 29 Oct 2012 15:16:58 +0000 (-0400)
Subject: crypto/x509: always write validity times in UTC.
X-Git-Tag: go1.1rc2~2043
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=184e7a2bf2d091a48029f9953693a2b9f3ba3cc1;p=gostls13.git

crypto/x509: always write validity times in UTC.

RFC 5280 section 4.1.2.5.1 says so.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/6775068
---

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index cfefbc5ace..5cfd09008c 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -1224,7 +1224,7 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf
 		SerialNumber:       template.SerialNumber,
 		SignatureAlgorithm: signatureAlgorithm,
 		Issuer:             asn1.RawValue{FullBytes: asn1Issuer},
-		Validity:           validity{template.NotBefore, template.NotAfter},
+		Validity:           validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
 		Subject:            asn1.RawValue{FullBytes: asn1Subject},
 		PublicKey:          publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
 		Extensions:         extensions,
@@ -1314,8 +1314,8 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [
 			Algorithm: oidSignatureSHA1WithRSA,
 		},
 		Issuer:              c.Subject.ToRDNSequence(),
-		ThisUpdate:          now,
-		NextUpdate:          expiry,
+		ThisUpdate:          now.UTC(),
+		NextUpdate:          expiry.UTC(),
 		RevokedCertificates: revokedCerts,
 	}