Description: verify CA paths at source code packaging time
Author: Milan Kupcevic <milan@debian.org>
Forwarded: not-needed
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/letsencrypt-ca/Makefile
+++ b/letsencrypt-ca/Makefile
@@ -68,18 +68,18 @@
 	$(RM) $(targets) *.pem
 
 check : all
-	openssl verify -CApath . isrgrootx1.pem
-	openssl verify -CApath . isrg-root-x2.pem
-	openssl verify -CApath . lets-encrypt-e5.pem
-	openssl verify -CApath . lets-encrypt-e6.pem
-	openssl verify -CApath . lets-encrypt-r10.pem
-	openssl verify -CApath . lets-encrypt-r11.pem
-	openssl verify -CApath . lets-encrypt-e7.pem
-	openssl verify -CApath . lets-encrypt-e8.pem
-	openssl verify -CApath . lets-encrypt-e9.pem
-	openssl verify -CApath . lets-encrypt-r12.pem
-	openssl verify -CApath . lets-encrypt-r13.pem
-	openssl verify -CApath . lets-encrypt-r14.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . isrgrootx1.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . isrg-root-x2.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-e5.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-e6.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-r10.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-r11.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-e7.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-e8.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-e9.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-r12.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-r13.pem
+	openssl verify -attime $(SOURCE_DATE_EPOCH) -CApath . lets-encrypt-r14.pem
 
 4042bcee.signing_policy : isrgrootx1.signing_policy
 	$(LINK) isrgrootx1.signing_policy 4042bcee.signing_policy
