How does the SSL/TLS protocol determine if a certificate is expired or not?

Çağlar Arlı

I already tried googling, but no luck. All search results always tell you how to check cert expiration manually, but that is not my question. Yes, I can use OpenSSL, for example, but what I am asking is how the SSL/TLS protocol does it, not how a user/human can do it.

The question:

We know that the SSL/TLS handshake will fail if a certificate is expired. How does the SSL/TLS protocol determine if a certificate is expired or not? What is/are the mathematical functions being used to extract the validity date? Also, to what "time reference" (or database?) does it compare the current validity date to determine if it is expired or not? Is it the time of the local machine or of some remote server or what?
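
The check the question asks about, as an added example that is not part of the original post: the dates are decoded from the certificate's ASN.1 `Validity` field (two timestamps, `notBefore` and `notAfter`, as defined in RFC 5280) and compared with the verifying machine's own clock, so decoding rather than a mathematical function is involved. The DER bytes are a constructed sample, and the function names are illustrative rather than any TLS library's API.

```python
from datetime import datetime, timezone

SEQUENCE, UTC_TIME, GENERALIZED_TIME = 0x30, 0x17, 0x18

# Constructed sample: DER bytes of a Validity field, not taken from a real certificate.
SAMPLE_VALIDITY = (bytes([SEQUENCE, 0x20])
                   + bytes([UTC_TIME, 0x0D]) + b"240101000000Z"             # notBefore
                   + bytes([GENERALIZED_TIME, 0x0F]) + b"20500101000000Z")  # notAfter

def read_tlv(buf, pos):
    """Read one DER tag-length-value element (short-form length only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("unexpected length in Validity field")
    return tag, buf[pos + 2:end], end

def decode_time(tag, value):
    """Decode UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    text = value.decode("ascii")
    if tag == UTC_TIME and len(text) == 13 and text.endswith("Z"):
        yy = int(text[:2])  # RFC 5280: 50-99 means 19YY, 00-49 means 20YY
        text = f"{1900 + yy if yy >= 50 else 2000 + yy}{text[2:]}"
    elif not (tag == GENERALIZED_TIME and len(text) == 15 and text.endswith("Z")):
        raise ValueError("unsupported time encoding")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Return (notBefore, notAfter) from a DER-encoded Validity SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, nxt = read_tlv(body, 0)
    t2, v2, _ = read_tlv(body, nxt)
    return decode_time(t1, v1), decode_time(t2, v2)

def check_validity(der, now=None):
    """Compare the validity period with the verifier's clock (both ends inclusive)."""
    now = now or datetime.now(timezone.utc)  # local system time of the verifying peer
    not_before, not_after = parse_validity(der)
    if now < not_before:
        return "not yet valid"
    return "expired" if now > not_after else "valid"
```

Because `now` comes from the verifier's own system time, a machine with a wrong clock can reject a good certificate or accept an expired one.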