diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index a45653770..1520a7cfa 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
 
 /**
  * \brief          Check a given x509_time against the system time and check
- *                 if it is valid.
+ *                 if it is not expired.
  *
  * \param time     x509_time to check
  *
- * \return         Return 0 if the x509_time is still valid,
- *                 or 1 otherwise.
+ * \return         0 if the x509_time is still valid,
+ *                 1 otherwise.
  */
 int x509_time_expired( const x509_time *time );
 
+/**
+ * \brief          Check a given x509_time against the system time and check
+ *                 if it is not from the future.
+ *
+ * \param time     x509_time to check
+ *
+ * \return         0 if the x509_time is already valid,
+ *                 1 otherwise.
+ */
+int x509_time_future( const x509_time *time );
+
 /**
  * \brief          Checkup routine
  *
diff --git a/library/x509.c b/library/x509.c
index e042347ba..9c3b0f4aa 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
  * Return 0 if the x509_time is still valid, or 1 otherwise.
  */
 #if defined(POLARSSL_HAVE_TIME)
-int x509_time_expired( const x509_time *to )
-{
-    int year, mon, day;
-    int hour, min, sec;
 
+static void x509_get_current_time( x509_time *now )
+{
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
     SYSTEMTIME st;
 
     GetLocalTime(&st);
 
-    year = st.wYear;
-    mon = st.wMonth;
-    day = st.wDay;
-    hour = st.wHour;
-    min = st.wMinute;
-    sec = st.wSecond;
+    now->year = st.wYear;
+    now->mon = st.wMonth;
+    now->day = st.wDay;
+    now->hour = st.wHour;
+    now->min = st.wMinute;
+    now->sec = st.wSecond;
 #else
     struct tm *lt;
     time_t tt;
@@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
     tt = time( NULL );
     lt = localtime( &tt );
 
-    year = lt->tm_year + 1900;
-    mon = lt->tm_mon + 1;
-    day = lt->tm_mday;
-    hour = lt->tm_hour;
-    min = lt->tm_min;
-    sec = lt->tm_sec;
+    now->year = lt->tm_year + 1900;
+    now->mon = lt->tm_mon + 1;
+    now->day = lt->tm_mday;
+    now->hour = lt->tm_hour;
+    now->min = lt->tm_min;
+    now->sec = lt->tm_sec;
 #endif
+}
 
-    if( year  > to->year )
+/*
+ * Return 0 if before <= after, 1 otherwise
+ */
+static int x509_check_time( const x509_time *before, const x509_time *after )
+{
+    if( before->year  > after->year )
         return( 1 );
 
-    if( year == to->year &&
-        mon   > to->mon )
+    if( before->year == after->year &&
+        before->mon   > after->mon )
         return( 1 );
 
-    if( year == to->year &&
-        mon  == to->mon  &&
-        day   > to->day )
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day   > after->day )
         return( 1 );
 
-    if( year == to->year &&
-        mon  == to->mon  &&
-        day  == to->day  &&
-        hour  > to->hour )
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour  > after->hour )
         return( 1 );
 
-    if( year == to->year &&
-        mon  == to->mon  &&
-        day  == to->day  &&
-        hour == to->hour &&
-        min   > to->min  )
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour == after->hour &&
+        before->min   > after->min  )
         return( 1 );
 
-    if( year == to->year &&
-        mon  == to->mon  &&
-        day  == to->day  &&
-        hour == to->hour &&
-        min  == to->min  &&
-        sec   > to->sec  )
+    if( before->year == after->year &&
+        before->mon  == after->mon  &&
+        before->day  == after->day  &&
+        before->hour == after->hour &&
+        before->min  == after->min  &&
+        before->sec   > after->sec  )
         return( 1 );
 
     return( 0 );
 }
+
+int x509_time_expired( const x509_time *to )
+{
+    x509_time now;
+
+    x509_get_current_time( &now );
+
+    return( x509_check_time( &now, to ) );
+}
+
+int x509_time_future( const x509_time *from )
+{
+    x509_time now;
+
+    x509_get_current_time( &now );
+
+    return( x509_check_time( from, &now ) );
+}
+
 #else  /* POLARSSL_HAVE_TIME */
+
 int x509_time_expired( const x509_time *to )
 {
     ((void) to);
     return( 0 );
 }
+
+int x509_time_future( const x509_time *from )
+{
+    ((void) from);
+    return( 0 );
+}
 #endif /* POLARSSL_HAVE_TIME */
 
 #if defined(POLARSSL_SELF_TEST)
diff --git a/tests/data_files/crl-future.pem b/tests/data_files/crl-future.pem
new file mode 100644
index 000000000..1938219d4
--- /dev/null
+++ b/tests/data_files/crl-future.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
+MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
+DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
++zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
+BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
+MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
+or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
++cE+lWxhCQ==
+-----END X509 CRL-----
diff --git a/tests/data_files/server5-future.crt b/tests/data_files/server5-future.crt
new file mode 100644
index 000000000..969c84b46
--- /dev/null
+++ b/tests/data_files/server5-future.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaWgAwIBAgIBHTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MzIwMzEwMTEwNDExWhcNNDIwMzA4MTEwNDExWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2cAMGQCMAZWcb+NYxFVK+W6Z5eknM2TrbqQGZEYHQXeV9/XF0t7
+TLDhA6a/pFDTJVZunFzesgIwfqkBYuvMkiNlS4lWcVyf8L4CZIHCn1yHnOCxu8ix
+uqgLb4na3i94x9urgbZZYfVK
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index f9a536681..166be6806 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -170,6 +170,30 @@ X509 Time Expired #6
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_time_expired:"data_files/test-ca.crt":"valid_to":0
 
+X509 Time Future #1
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5.crt":"valid_from":0
+
+X509 Time Future #2
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5.crt":"valid_to":1
+
+X509 Time Future #3
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5-future.crt":"valid_from":1
+
+X509 Time Future #4
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/server5-future.crt":"valid_to":1
+
+X509 Time Future #5
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/test-ca2.crt":"valid_from":0
+
+X509 Time Future #6
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
+x509_time_future:"data_files/test-ca2.crt":"valid_to":1
+
 X509 Certificate verification #1 (Revoked Cert, Expired CRL)
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
 x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index d992c1d18..863823545 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
+void x509_time_future( char *crt_file, char *entity, int result )
+{
+    x509_crt   crt;
+
+    x509_crt_init( &crt );
+
+    TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
+
+    if( strcmp( entity, "valid_from" ) == 0 )
+        TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
+    else if( strcmp( entity, "valid_to" ) == 0 )
+        TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
+    else
+        TEST_ASSERT( "Unknown entity" == 0 );
+
+    x509_crt_free( &crt );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
 void x509parse_crt( char *crt_data, char *result_str, int result )
 {