Simplify the certificate validity month calculations

Previously, the date calculation for determining if a certificate
had a too long validity was based on calculating a rounded difference
on the day portion of the date and the difference in months. This would
result in "rounding up" when calculating how many months were between
two dates.

With this change, the determination for whether a certificate has a
validity greater than the maximum permitted is based on the difference
in the number of days (accounting for leap years). Strictly speaking,
this loosens the strictness of enforcement, which means that additional
certificates may now be accepted that might otherwise not, but it
simplifies the computations and makes it less likely that an otherwise
valid certificate would be rejected due to rounding.


Change-Id: I9577169588f285bd9e2afeee882838de404b1a56
Commit-Queue: Ryan Sleevi <>
Reviewed-by: Eric Roman <>
Cr-Commit-Position: refs/heads/master@{#549031}
5 files changed