From d20f5b8848319faef11384074c12a636113257f8 Mon Sep 17 00:00:00 2001
From: Baohua Yang <yangbaohua@gmail.com>
Date: Fri, 10 Mar 2023 10:30:13 -0800
Subject: [PATCH] Ignore expired CA/TLS CA certs on msp init

This is a picked commit from

https://github.com/hyperledger/fabric/pull/3249.

Fix the issue that expired certs can block using sdk.

Change-Id: Idff5f8913c772a51844b4b4d39adbfccb28d5bec
Signed-off-by: Baohua Yang <yangbaohua@gmail.com>
---
 internal/github.com/hyperledger/fabric/msp/mspimplsetup.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go b/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go
index 8bf27055c7..661a4790b2 100644
--- a/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go
+++ b/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go
@@ -467,6 +467,7 @@ func (msp *bccspmsp) setupTLSCAs(conf *m.FabricMSPConfig) error {
 			return errors.WithMessagef(err, "CA Certificate problem with Subject Key Identifier extension, (SN: %x)", cert.SerialNumber)
 		}
 
+		opts.CurrentTime = cert.NotBefore.Add(time.Second)
 		if err := msp.validateTLSCAIdentity(cert, opts); err != nil {
 			return errors.WithMessagef(err, "CA Certificate is not valid, (SN: %s)", cert.SerialNumber)
 		}