From 5e8d921f55a558a20bc8f2a4cdac2da96e61b06e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 11 Jun 2024 08:03:28 +0200
Subject: [PATCH] openssl: shortcut store_expired for negative timeouts

Avoid some unnecessary computation if the timeout is negative.

Spotted by CodeSonar
Closes #13919
---
 lib/vtls/openssl.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 95a8526ba3..a7f5f9a032 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3310,14 +3310,15 @@ cached_x509_store_expired(const struct Curl_easy *data,
                           const struct ossl_x509_share *mb)
 {
   const struct ssl_general_config *cfg = &data->set.general_ssl;
-  struct curltime now = Curl_now();
-  timediff_t elapsed_ms = Curl_timediff(now, mb->time);
-  timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
+  if(cfg->ca_cache_timeout < 0)
+    return FALSE;
+  else {
+    struct curltime now = Curl_now();
+    timediff_t elapsed_ms = Curl_timediff(now, mb->time);
+    timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
 
-  if(timeout_ms < 0)
-    return false;
-
-  return elapsed_ms >= timeout_ms;
+    return elapsed_ms >= timeout_ms;
+  }
 }
 
 static bool