OpenSSL provides the -no_check_time option to "ignore certificate validity time".
Example:
$ openssl verify -CAfile cert1.pem -CApath ./ cert2.pem
...
error 10 at 1 depth lookup: certificate has expired
...
error 10 at 0 depth lookup: certificate has expired
error cert2.pem: verification failed
$ openssl verify -no_check_time -CAfile cert1.pem -CApath ./ cert2.pem
cert2.pem: OK
It would be useful to have a "no check time" option in xmlsec too.