From 184e7a2bf2d091a48029f9953693a2b9f3ba3cc1 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@golang.org>
Date: Mon, 29 Oct 2012 11:16:58 -0400
Subject: [PATCH] crypto/x509: always write validity times in UTC.

RFC 5280 section 4.1.2.5.1 says so.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/6775068
---
 src/pkg/crypto/x509/x509.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/pkg/crypto/x509/x509.go b/src/pkg/crypto/x509/x509.go
index cfefbc5ace..5cfd09008c 100644
--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -1224,7 +1224,7 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub interf
 		SerialNumber:       template.SerialNumber,
 		SignatureAlgorithm: signatureAlgorithm,
 		Issuer:             asn1.RawValue{FullBytes: asn1Issuer},
-		Validity:           validity{template.NotBefore, template.NotAfter},
+		Validity:           validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
 		Subject:            asn1.RawValue{FullBytes: asn1Subject},
 		PublicKey:          publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
 		Extensions:         extensions,
@@ -1314,8 +1314,8 @@ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts [
 			Algorithm: oidSignatureSHA1WithRSA,
 		},
 		Issuer:              c.Subject.ToRDNSequence(),
-		ThisUpdate:          now,
-		NextUpdate:          expiry,
+		ThisUpdate:          now.UTC(),
+		NextUpdate:          expiry.UTC(),
 		RevokedCertificates: revokedCerts,
 	}
 
-- 
2.48.1