minimize the change made + wrap the modified section

2025-04-04 04:27:36 +03:00 · 2023-03-12 13:49:23 +08:00 · 2023-03-12 13:49:23 +08:00 · 9ef5f4f15f
commit 9ef5f4f15f
parent f04eb57e6c
1 changed files with 3 additions and 2 deletions
--- a/handshake_client.go
+++ b/handshake_client.go
@ -303,6 +303,7 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (cacheKey string,
 			return cacheKey, nil, nil, nil, nil
 		}
 		serverCert := session.serverCertificates[0]
+		// [UTLS SECTION START]
 		if !c.config.InsecureSkipTimeVerify {
 			if c.config.time().After(serverCert.NotAfter) {
 				// Expired certificate, delete the entry.
@ -321,6 +322,7 @@ func (c *Conn) loadSession(hello *clientHelloMsg) (cacheKey string,
 				return cacheKey, nil, nil, nil, nil
 			}
 		}
+		// [UTLS SECTION END]
 	}

 	if session.vers != VersionTLS13 {
@ -901,13 +903,12 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 		// [UTLS SECTION START]
 		opts := x509.VerifyOptions{
 			Roots:         c.config.RootCAs,
+			CurrentTime:   c.config.time(),
 			Intermediates: x509.NewCertPool(),
 		}

 		if c.config.InsecureSkipTimeVerify {
 			opts.CurrentTime = certs[0].NotAfter
-		} else {
-			opts.CurrentTime = c.config.time()
 		}

 		if len(c.config.InsecureServerNameToVerify) == 0 {