From d8abbd971ec8f9fe10ec1be21a397397a0503bdd Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Fri, 7 Mar 2014 12:11:18 +0000
Subject: [PATCH] Flag certificates which have KeyNames and expire beyond the
 end of 2014.

---
 build/check_embedded.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index 10e3fb56..8268a246 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -280,6 +280,7 @@ sub comment {
 				#
 				if ($notAfter =~ /(\d\d\d\d)/) {
 					my $year = $1;
+					$expiryYear = $year;
 					if ($year > $maxYear) {
 						$maxYear = $year;
 					}
@@ -481,6 +482,9 @@ sub comment {
 			warning("issuer \"$issuerCN\" to be retired; certificate expires $notAfter; remove KeyName?");
 			$issuerMark{$issuerCN} = '*';
 		}
+		if ($hasKeyName && ($expiryYear > 2014)) {
+			warning("expires $notAfter, which is later than 2014");
+		}
 
 		#
 		# Count issuers.