From 88afb3258d76894bf780e8d0ede0d688122f4319 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Tue, 5 Apr 2011 01:50:12 +1000
Subject: [PATCH] don't return GSS_S_CREDENTIALS_EXPIRED if no expiry time

---
 mech_eap/accept_sec_context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mech_eap/accept_sec_context.c b/mech_eap/accept_sec_context.c
index d54ea48..ca95f5c 100644
--- a/mech_eap/accept_sec_context.c
+++ b/mech_eap/accept_sec_context.c
@@ -121,7 +121,7 @@ acceptReadyEap(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
     if (GSS_ERROR(major))
         return major;
 
-    if (ctx->expiryTime < time(NULL)) {
+    if (ctx->expiryTime != 0 && ctx->expiryTime < time(NULL)) {
         *minor = GSSEAP_CRED_EXPIRED;
         return GSS_S_CREDENTIALS_EXPIRED;
     }
-- 
2.1.4